Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1d8715cc83c3ee15900f56da02512fa649f00f30f0603c33aeee488c55efba6b.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 1d8715cc83c3ee15900f56da02512fa649f00f30f0603c33aeee488c55efba6b.dll
Size: 483KB
MD5: cb564ee55db7558824bbde711324e1bb
SHA1: f1092f6072c3b9787a6e3d7d5f6d9085269da3bd
SHA256: 1d8715cc83c3ee15900f56da02512fa649f00f30f0603c33aeee488c55efba6b
SHA512: 841073d413ca28f78b6df1fb705dfc2c30d9fbffdc5cb10d8e0de3724345ec1dda587a6619326f3c02e36da3405c801774ec3b16dc975222d3355a4e37b4d3de
SSDEEP: 12288:WsKPdEqeVO3gTSVrzuM891FnPXHlL85kPRUbTNwHPL3:I3YSVmM89DPp8XbTuHD3
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
4752 | 3660 | WerFault.exe | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 4364 wrote to memory of 3660 | 4364 | rundll32.exe | rundll32.exe
PID 4364 wrote to memory of 3660 | 4364 | rundll32.exe | rundll32.exe
PID 4364 wrote to memory of 3660 | 4364 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d8715cc83c3ee15900f56da02512fa649f00f30f0603c33aeee488c55efba6b.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4364
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d8715cc83c3ee15900f56da02512fa649f00f30f0603c33aeee488c55efba6b.dll,#1
    PID: 3660
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 612
      - Program crash
      PID: 4752
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3660 -ip 3660
  PID: 1668