Analysis
max time kernel: 92s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:58
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: a6c551fe1a3c8d2b12d779a0146b1355a5bdd940aa7ae588bfb8fac397816b84.dll
Resource: win7-20231215-en, windows7-x64
1 signatures
150 seconds
General
Target: a6c551fe1a3c8d2b12d779a0146b1355a5bdd940aa7ae588bfb8fac397816b84.dll
Size: 222KB
MD5: 74c7fa512488e92f2cf00abdce92c1b8
SHA1: 1727b635745d05ae6e272b7af3e91cab491e5a97
SHA256: a6c551fe1a3c8d2b12d779a0146b1355a5bdd940aa7ae588bfb8fac397816b84
SHA512: 44f5e961d1ce94f24f69060aac50a3bcb071e52267d6c678e094f72f9225be12eb72b1cdd884260f81636639cc711436304d4dbd0d75d551564856c8aa84406f
SSDEEP: 3072:i1iyRWiGqAc6L8p1dcUFwS++CfS+dbqDohZEzyCqdI:i1ial6L85FV/JdDomZm
Malware Config
Signatures
- Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process         target process
3732   4536          WerFault.exe    rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                         pid    process         target process
PID 1520 wrote to memory of 4536    1520   rundll32.exe    rundll32.exe
PID 1520 wrote to memory of 4536    1520   rundll32.exe    rundll32.exe
PID 1520 wrote to memory of 4536    1520   rundll32.exe    rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6c551fe1a3c8d2b12d779a0146b1355a5bdd940aa7ae588bfb8fac397816b84.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1520
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6c551fe1a3c8d2b12d779a0146b1355a5bdd940aa7ae588bfb8fac397816b84.dll,#1
    PID: 4536
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 600
        - Program crash
        PID: 3732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4536 -ip 4536
PID: 3624