Analysis
-
max time kernel: 143s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:54
Static task
static1
1 signature

Behavioral task
behavioral1
Sample: ffaab25bb7910b0cb315d3ddcbe83ff5b5ea94f280065595bec6c29db30cdcce.dll
Resource: win7-20231215-en (windows7-x64)
2 signatures
150 seconds

The signatures and process tree below are from the windows10-2004_x64 run described under Analysis.
General
-
Target: ffaab25bb7910b0cb315d3ddcbe83ff5b5ea94f280065595bec6c29db30cdcce.dll
Size: 2.6MB
MD5: ec6cbdc93d75a0879d073cef92f72507
SHA1: dc78f4a068b69b1b72ee3a6dac58d581301cd960
SHA256: ffaab25bb7910b0cb315d3ddcbe83ff5b5ea94f280065595bec6c29db30cdcce
SHA512: c4af31e58eef51837872017736f224db16465ba841d4a225996d4d73aa273a6be41df80e3b1d019ad785f3b6e86da7058617aa499aba22bf3c8da0b39797cc27
SSDEEP: 49152:hFLFvOT/MSiIJlpstDJwFvJbb5FjhPVq4Q32GC6Q5DBZyIEDRH+Lm095dk:nFmT/MSiIvpstDybbLjJk4QGGC6QAIEg
Malware Config
(none extracted)

Signatures
-
Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  2400  648         WerFault.exe  rundll32.exe
-
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  pid   process       description         target pid  target process
  3976  rundll32.exe  wrote to memory of  648         rundll32.exe
  3976  rundll32.exe  wrote to memory of  648         rundll32.exe
  3976  rundll32.exe  wrote to memory of  648         rundll32.exe

All three writes go from the 64-bit rundll32 (PID 3976, C:\Windows\system32) into the 32-bit rundll32 it spawned (PID 648, C:\Windows\SysWOW64) with the identical command line. That parent-to-child pattern is what the 64-bit rundll32 produces when it relaunches itself under SysWOW64 to host a 32-bit DLL, so on its own it is not evidence of injection into an unrelated process. The 32-bit host then crashed (WerFault -p 648), and the run records no other IoCs.
Processes
-
C:\Windows\system32\rundll32.exe (PID 3976)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffaab25bb7910b0cb315d3ddcbe83ff5b5ea94f280065595bec6c29db30cdcce.dll,#1
    - Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe (PID 648)
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffaab25bb7910b0cb315d3ddcbe83ff5b5ea94f280065595bec6c29db30cdcce.dll,#1
      └ C:\Windows\SysWOW64\WerFault.exe (PID 2400)
            C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 652
            - Program crash
C:\Windows\SysWOW64\WerFault.exe (PID 2104)
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 648 -ip 648
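As an added example that is not part of the sandbox report: a small Python triage pass over constructed process-creation and WriteProcessMemory events modelled on the tree above. It parses rundll32 command lines (DLL path, entry point, and the ordinal form `#N`), flags DLLs hosted from user-writable directories, classifies each memory write as a parent-to-child WoW64 handoff versus a write into a process the writer did not create, and ties WerFault's `-p <pid>` back to the flagged host. The event layout, field names and `ppid` values are this example's assumptions, not a sandbox export format.

```python
import re

# Constructed events modelled on the report's process tree (PIDs 3976, 648, 2400,
# 2104); field layout and ppid values are this example's assumptions, not an export.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\ffaab25bb7910b0cb315d3ddcbe83ff5b5ea94f280065595bec6c29db30cdcce.dll")
PROCESS_EVENTS = [
    {"pid": 3976, "ppid": None, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE},#1"},
    {"pid": 648, "ppid": 3976, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE},#1"},
    {"pid": 2400, "ppid": 648, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 652"},
    {"pid": 2104, "ppid": None, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 648 -ip 648"},
]
WRITE_EVENTS = [(3976, 648), (3976, 648), (3976, 648)]  # (source pid, target pid)

# Directories an unprivileged user can write to; a DLL rundll32 hosts from here deserves a look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\",
                 "\\programdata\\", "\\users\\public\\")
RUNDLL32_RE = re.compile(
    r'^\s*(?:"[^"]*rundll32\.exe"|\S*rundll32\.exe)\s+(.*)$', re.IGNORECASE)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def parse_rundll32(cmdline):
    """Split 'rundll32.exe <dll>,<entry> [args]' into DLL path and entry point.
    An entry of '#N' calls export ordinal N, which is how this sample ran (',#1')."""
    m = RUNDLL32_RE.match(cmdline)
    if not m:
        return None
    rest = m.group(1).strip()
    if rest.startswith('"'):                     # quoted DLL path
        end = rest.find('"', 1)
        dll, tail = rest[1:end], rest[end + 1:]
        words = tail[1:].split() if tail.startswith(",") else []
        entry = words[0] if words else ""
    else:
        dll, _, entry = rest.split(None, 1)[0].partition(",")
    return {"dll": dll, "entry": entry, "ordinal": entry.startswith("#")}

def in_user_writable_dir(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)

def classify_write(by_pid, src, dst):
    """Label a WriteProcessMemory event by how the two processes are related."""
    s, d = by_pid.get(src), by_pid.get(dst)
    if s is None or d is None:
        return "unknown-process"
    if d["ppid"] != src:
        return "cross-process"          # write into a process it did not create
    same_host = basename(s["image"]) == basename(d["image"]) == "rundll32.exe"
    x64_to_x86 = ("\\system32\\" in s["image"].lower()
                  and "\\syswow64\\" in d["image"].lower())
    ps, pd = parse_rundll32(s["cmdline"]), parse_rundll32(d["cmdline"])
    same_dll = bool(ps and pd and (ps["dll"], ps["entry"]) == (pd["dll"], pd["entry"]))
    if same_host and x64_to_x86 and same_dll:
        return "wow64-handoff"          # 64-bit rundll32 relaunching itself as 32-bit
    return "parent-to-child"

def werfault_target(cmdline):
    """PID named by WerFault's -p switch, i.e. the process that crashed."""
    m = re.search(r"(?:^|\s)-p\s+(\d+)", cmdline)
    return int(m.group(1)) if m else None

def triage(process_events, write_events):
    by_pid = {e["pid"]: e for e in process_events}
    findings = []
    for e in process_events:
        parsed = parse_rundll32(e["cmdline"])
        if not parsed:
            continue
        reasons = []
        if parsed["ordinal"]:
            reasons.append("export called by ordinal")
        if in_user_writable_dir(parsed["dll"]):
            reasons.append("DLL loaded from a user-writable path")
        if reasons:
            findings.append({"type": "rundll32", "pid": e["pid"],
                             "dll": parsed["dll"], "reasons": reasons})
    flagged = {f["pid"] for f in findings}
    for src, dst in write_events:
        findings.append({"type": "write_process_memory", "pid": src, "target": dst,
                         "class": classify_write(by_pid, src, dst)})
    for e in process_events:                       # tie crashes back to flagged hosts
        if basename(e["image"]) == "werfault.exe":
            target = werfault_target(e["cmdline"])
            if target in flagged:
                findings.append({"type": "crash", "pid": e["pid"], "target": target})
    return findings

if __name__ == "__main__":
    for finding in triage(PROCESS_EVENTS, WRITE_EVENTS):
        print(finding)
```

Run as-is it reports two rundll32 hosts flagged for calling export ordinal #1 on a DLL under AppData\Local\Temp, three writes classified as wow64-handoff rather than cross-process, and two crash findings (WerFault PIDs 2400 and 2104) pointing at PID 648. Swap the constructed lists for an EDR or Sysmon export with the same fields to reuse the logic; the handoff class exists precisely so that the noisy parent-to-child write seen here does not drown out a genuine write into an unrelated process.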