Analysis
- max time kernel: 141s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 15:57

Static task: static1 (1 signatures)

Behavioral task: behavioral1
- Sample: c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d.dll
- Resource: win7-20231215-en
- Platform: windows7-x64
- 2 signatures
- 150 seconds
General
- Target: c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d.dll
- Size: 250KB
- MD5: 35391ece3b7a7b067d5f3778e72bcf4e
- SHA1: 7a3ad3ec63679f4d164edb0a4e70c5e37c2fa5ed
- SHA256: c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d
- SHA512: a8bd058c267752635cce9b5865f99a2ececccc5fb9970f32dd92fb46de31866a0c13937192b244345ad2099a5a08a207bc17c65246fe0f8a968bb6184f486baa
- SSDEEP: 3072:TYVp+k+WzTgEhOCbe4vul5f6epCHu6HuUh51hvkLk8+ebUStoAVxyhUoc:TYVpx+TEhOoeCulTwHEE51hk9Ptojm
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes:
    pid: 832, pid_target: 3744, process: WerFault.exe, target process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description: PID 1556 wrote to memory of 3744, pid: 1556, process: rundll32.exe, target process: rundll32.exe
    description: PID 1556 wrote to memory of 3744, pid: 1556, process: rundll32.exe, target process: rundll32.exe
    description: PID 1556 wrote to memory of 3744, pid: 1556, process: rundll32.exe, target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d.dll,#1
  PID: 1556
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d.dll,#1
    PID: 3744
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 612
      PID: 832
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3744 -ip 3744
  PID: 1736