Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-01-2024 15:57
General
-
Target
c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d.dll
-
Size
250KB
-
MD5
35391ece3b7a7b067d5f3778e72bcf4e
-
SHA1
7a3ad3ec63679f4d164edb0a4e70c5e37c2fa5ed
-
SHA256
c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d
-
SHA512
a8bd058c267752635cce9b5865f99a2ececccc5fb9970f32dd92fb46de31866a0c13937192b244345ad2099a5a08a207bc17c65246fe0f8a968bb6184f486baa
-
SSDEEP
3072:TYVp+k+WzTgEhOCbe4vul5f6epCHu6HuUh51hvkLk8+ebUStoAVxyhUoc:TYVpx+TEhOoeCulTwHEE51hk9Ptojm
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 2523⤵
- Program crash