Analysis
max time kernel: 92s
max time network: 121s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:55
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
19c8c4e882b817e91ec9c7d8edf540342ff2df0f87ad3aaf4394026343470a28.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
Target: 19c8c4e882b817e91ec9c7d8edf540342ff2df0f87ad3aaf4394026343470a28.dll
Size: 381KB
MD5: 8a1f7a72d9ac9bc5947829fbb06cce12
SHA1: df3d871e4122a3624a06f82c344095e20be1ce82
SHA256: 19c8c4e882b817e91ec9c7d8edf540342ff2df0f87ad3aaf4394026343470a28
SHA512: 3061721d6d7690ecc0373092e163991a095966fdb1960270dda88711b8d20fff2435e18cc7dc498f379983ac7401ca19a87bf270e2ff8cd3a05ddf5f888693b1
SSDEEP: 6144:dMwmVYHHDFVag30hmru2zYhTuP0cpuUb5p9TwHlM82/VZ:dB8M4g30hmq2EhTuPgUbTNwHPCV
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process         target process
4448   672           WerFault.exe    rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process         target process
PID 1936 wrote to memory of 672    1936   rundll32.exe    rundll32.exe
PID 1936 wrote to memory of 672    1936   rundll32.exe    rundll32.exe
PID 1936 wrote to memory of 672    1936   rundll32.exe    rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19c8c4e882b817e91ec9c7d8edf540342ff2df0f87ad3aaf4394026343470a28.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1936
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\19c8c4e882b817e91ec9c7d8edf540342ff2df0f87ad3aaf4394026343470a28.dll,#1
    PID:672
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 612
      - Program crash
      PID:4448
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 672 -ip 672
  PID:4420