Analysis
-
max time kernel
92s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
25-01-2024 15:56
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
b64149b93ccb89b97f0b8aa14011f157c7e3be7fef3f55bf58ed6aced19cdc95.dll
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
-
Target
b64149b93ccb89b97f0b8aa14011f157c7e3be7fef3f55bf58ed6aced19cdc95.dll
-
Size
488KB
-
MD5
fc6c79baf9aadc895b60e0be7e993b31
-
SHA1
8a82668f76881439bd99af6eb9c99d79f7c9194b
-
SHA256
b64149b93ccb89b97f0b8aa14011f157c7e3be7fef3f55bf58ed6aced19cdc95
-
SHA512
621d710648d99ae71f68ae64adb6b4b3a1c5b0509f3d1a76b50bf5301af1adc4993143701a0c1938c5d04ea53c731f1e140d529ff2578f04b8d783ccbc46bf59
-
SSDEEP
12288:tV9oEWdfVZarc007v9im9ORcjdyVv42C+dm1TP9PB8UbTNwHPM8m:dMarc007v9m/SPLbTuH08
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid    pid_target    process         target process
4412   4572          WerFault.exe    rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                        pid    process         target process
PID 2392 wrote to memory of 4572   2392   rundll32.exe    rundll32.exe
PID 2392 wrote to memory of 4572   2392   rundll32.exe    rundll32.exe
PID 2392 wrote to memory of 4572   2392   rundll32.exe    rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b64149b93ccb89b97f0b8aa14011f157c7e3be7fef3f55bf58ed6aced19cdc95.dll,#1
- Suspicious use of WriteProcessMemory
PID:2392 -
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b64149b93ccb89b97f0b8aa14011f157c7e3be7fef3f55bf58ed6aced19cdc95.dll,#1
  PID:4572
  -
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 624
    - Program crash
    PID:4412
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4572 -ip 4572
PID:1956