Analysis
max time kernel: 135s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:55
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
Target: c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll
Size: 276KB
MD5: f2a8dba317bc319dc46f811c604057fc
SHA1: d0bbcbd28021d080e5c58f60a639d410d55c5d3f
SHA256: c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4
SHA512: 0cea40e27efdaef61a4d62b08d164a93bc151953053349d14b3fd5eea3fa7806955f45aa3e33aee134fa0124a681b84834eb3deb945613da0cc9ca60a86975b8
SSDEEP: 6144:SzmPaTbk12Al0uZGvtdZysYpuUb5p9TwHlM823HNb:4mPaTbk1240vvt5UbTNwHPw
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
4364 | 1980 | WerFault.exe | rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 3684 wrote to memory of 1980 | 3684 | rundll32.exe | rundll32.exe
PID 3684 wrote to memory of 1980 | 3684 | rundll32.exe | rundll32.exe
PID 3684 wrote to memory of 1980 | 3684 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll,#1
  PID: 3684
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll,#1
    PID: 1980
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 600
      PID: 4364
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1980 -ip 1980
  PID: 3548