Analysis
Max time kernel: 93s
Max time network: 150s
Platform: windows10-2004_x64
Resource: win10v2004-20231215-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 25-01-2024 15:56
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: 13a6b9b0cb511df243abcac34539e4c8465826e1fa012e13d0fe67476c9191d8.dll
  Resource: win7-20231215-en (windows7-x64)
  Signatures: 2
  Run time: 150 seconds
General
Target: 13a6b9b0cb511df243abcac34539e4c8465826e1fa012e13d0fe67476c9191d8.dll
Size: 600KB
MD5: e73164847311387bfc9fa722f264b2dc
SHA1: 01aab93797b4b329adf4be9548f9e7e0802c998b
SHA256: 13a6b9b0cb511df243abcac34539e4c8465826e1fa012e13d0fe67476c9191d8
SHA512: e0a80c015f3834885bcf0f4892dc489ab67e0c9772d0bf387d042bff63e3d3639cd0674db7b8451cbe1a26d53cb5668a93b8f77ddb20b5da71ec24cab5964fcf
SSDEEP: 12288:aLVYmb+rC++14fIJ4n9eK+RSQoVzb73P4cKGZ13DaxuD+BxjJJRUbTNwHPe7lG:IYq+rC++14wyn9eK+8QoVzb73P4cKGjI
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target  process       target process
  4704  4004        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid  process       target process
  PID 228 wrote to memory of 4004  228  rundll32.exe  rundll32.exe
  PID 228 wrote to memory of 4004  228  rundll32.exe  rundll32.exe
  PID 228 wrote to memory of 4004  228  rundll32.exe  rundll32.exe

All three writes go from the 64-bit rundll32.exe (PID 228, C:\Windows\system32) into the 32-bit rundll32.exe it spawned (PID 4004, C:\Windows\SysWOW64) with the same DLL argument. That pattern is consistent with the 64-bit rundll32 re-launching its SysWOW64 copy to host a 32-bit DLL, not with injection into an unrelated process; the report records no WriteProcessMemory into any other target.
Processes

C:\Windows\system32\rundll32.exe (PID 228)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\13a6b9b0cb511df243abcac34539e4c8465826e1fa012e13d0fe67476c9191d8.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 4004)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\13a6b9b0cb511df243abcac34539e4c8465826e1fa012e13d0fe67476c9191d8.dll,#1
    C:\Windows\SysWOW64\WerFault.exe (PID 4704)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 600
      Signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe (PID 1888)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4004 -ip 4004

The ",#1" argument asks rundll32 to call the DLL's export with ordinal 1. Both WerFault instances name PID 4004 in their -p argument, so the process that crashed is the 32-bit rundll32 hosting the DLL: the export was reached, but the host died and the report shows no network, file or registry activity after that point. A crash this early is commonly what a DLL looks like when called with the wrong export or without the arguments or host it expects, so this run alone does not establish that the sample is inert.
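The reasoning above (which WriteProcessMemory events are explained by the WoW64 relaunch, which process crashed, and whether any host survived long enough to show the DLL's own behaviour) can be made mechanical. The following is an added example and is not part of the sandbox report or its tooling; the process rows and WriteProcessMemory pairs are transcribed from the report, and the helper names (build_tree, is_wow64_relaunch, crashed_pids, assess_run) are ours.

```python
"""Reconstruct the process tree from a rundll32 detonation and separate the
WriteProcessMemory events a WoW64 relaunch produces from anything that would
indicate injection into another process. Added example, not the sandbox's code."""
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]
    children: list = field(default_factory=list)


SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp\13a6b9b0cb511df243abcac34539e4c8"
          r"465826e1fa012e13d0fe67476c9191d8.dll")

# (pid, parent pid, image path, command line), transcribed from the report's tree.
# Parent PIDs follow the nesting; the second WerFault has no recorded parent.
PROCESSES = [
    (228, None, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE},#1"),
    (4004, 228, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE},#1"),
    (4704, 4004, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 600"),
    (1888, None, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4004 -ip 4004"),
]

# (writer pid, target pid) for each WriteProcessMemory IoC in the signature table.
WPM_EVENTS = [(228, 4004), (228, 4004), (228, 4004)]


def build_tree(rows):
    """Index processes by PID and link children to their parents."""
    procs = {pid: Proc(pid, image, cmd, ppid) for pid, ppid, image, cmd in rows}
    for p in procs.values():
        if p.parent in procs:
            procs[p.parent].children.append(p.pid)
    return procs


def dll_entry(cmdline):
    """(dll path, entry) from a rundll32 command line; '#1' means export ordinal 1."""
    m = re.search(r"\s(\S+\.dll),(\S+)", cmdline, re.IGNORECASE)
    return (m.group(1), m.group(2)) if m else (None, None)


def is_wow64_relaunch(procs, parent_pid, child_pid):
    """True when a system32 (64-bit) rundll32 spawned the SysWOW64 (32-bit) rundll32
    with the same DLL and entry, which is how a 32-bit DLL gets a 32-bit host."""
    par, chi = procs.get(parent_pid), procs.get(child_pid)
    if par is None or chi is None or chi.parent != parent_pid:
        return False
    return (par.image.lower().endswith(r"\system32\rundll32.exe")
            and chi.image.lower().endswith(r"\syswow64\rundll32.exe")
            and dll_entry(par.cmdline) == dll_entry(chi.cmdline))


def crashed_pids(procs):
    """PIDs that WerFault was started for (its -p argument), i.e. processes that crashed."""
    crashed = set()
    for p in procs.values():
        if p.image.lower().endswith(r"\werfault.exe"):
            m = re.search(r"(?:^|\s)-p\s+(\d+)", p.cmdline)  # '-pss' and '-ip' do not match
            if m:
                crashed.add(int(m.group(1)))
    return crashed


def classify_wpm(procs, events):
    """Split WPM events into relaunch writes (parent into its own WoW64 child) and the rest."""
    relaunch, other = [], []
    for src, dst in events:
        (relaunch if is_wow64_relaunch(procs, src, dst) else other).append((src, dst))
    return relaunch, other


def assess_run(rows=PROCESSES, events=WPM_EVENTS):
    """Summarise the detonation; the verdict reflects only the recorded events."""
    procs = build_tree(rows)
    crashed = crashed_pids(procs)
    relaunch, other = classify_wpm(procs, events)
    # A rundll32 host that neither crashed nor merely relaunched itself is where the
    # DLL's own behaviour would show up; in this report there is none.
    hosts = [p for p in procs.values() if p.image.lower().endswith(r"\rundll32.exe")]
    live_hosts = [p.pid for p in hosts if p.pid not in crashed
                  and not any(is_wow64_relaunch(procs, p.pid, c) for c in p.children)]
    return {
        "dll_entry": dll_entry(rows[0][3]),
        "wow64_relaunch": sorted(set(relaunch)),
        "unexplained_wpm": other,
        "crashed": sorted(crashed),
        "live_hosts": live_hosts,
        "post_load_activity": bool(live_hosts) or bool(other),
    }


if __name__ == "__main__":
    for key, value in assess_run().items():
        print(f"{key}: {value}")
```

Run against the report's events this yields one relaunch pair (228 → 4004), no unexplained WriteProcessMemory, PID 4004 as the crashed process and no surviving host, so post_load_activity is False. Feeding the same helper the tree from a re-detonation with a different export or arguments is the quickest way to see whether the crash was an artefact of how the DLL was invoked.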