Analysis
- max time kernel: 117s
- max time network: 117s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 15:58

Static task
- static1: 1 signature

Behavioral task
- behavioral1
  - Sample: 6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll
  - Resource: win7-20231215-en (windows7-x64)
  - 2 signatures
  - 150 seconds
General
- Target: 6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll
- Size: 240KB
- MD5: 6a2ecd5487743d4129c23bbebe95e2e3
- SHA1: 431d87b53a8da69dfc60de90d2fa3f63a6c9fd15
- SHA256: 6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f
- SHA512: 5d2bb8ecb90228158c3b5a1f36bd05d7ff0b7c19c301aa20d8340dd3e3f2b3991b6f8a2d031a628af821aa5c6c5492e8201078182915aee7a1237c0b6a2ab39f
- SSDEEP: 3072:YmybuLkbiPXYu+MY3XpLd8VnQtyCCxEvRWCWa+NTPdJu6lhAOkSSs:YmpLkifY/MWXYQ3ntAm6D6
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes: WerFault.exe
  pid   pid_target  process       target process
  1632  2456        WerFault.exe  rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes: rundll32.exe, rundll32.exe
  description                       pid   process       target process
  PID 2536 wrote to memory of 2456  2536  rundll32.exe  rundll32.exe
  PID 2536 wrote to memory of 2456  2536  rundll32.exe  rundll32.exe
  PID 2536 wrote to memory of 2456  2536  rundll32.exe  rundll32.exe
  PID 2536 wrote to memory of 2456  2536  rundll32.exe  rundll32.exe
  PID 2536 wrote to memory of 2456  2536  rundll32.exe  rundll32.exe
  PID 2536 wrote to memory of 2456  2536  rundll32.exe  rundll32.exe
  PID 2536 wrote to memory of 2456  2536  rundll32.exe  rundll32.exe
  PID 2456 wrote to memory of 1632  2456  rundll32.exe  WerFault.exe
  PID 2456 wrote to memory of 1632  2456  rundll32.exe  WerFault.exe
  PID 2456 wrote to memory of 1632  2456  rundll32.exe  WerFault.exe
  PID 2456 wrote to memory of 1632  2456  rundll32.exe  WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2536
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll,#1
    - Suspicious use of WriteProcessMemory
    PID: 2456
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 220
      - Program crash
      PID: 1632
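Two things in the tree above decide how much weight the WriteProcessMemory signature deserves. First, the 64-bit rundll32.exe in system32 (PID 2536) spawned the SysWOW64 rundll32.exe (PID 2456) with the same command line, which is what the 64-bit host does when it is handed a 32-bit DLL, so the sample is a 32-bit module invoked by export ordinal 1 (the `,#1` argument). Second, all 11 writes go from a parent into the child it had just created (2536 into 2456, 2456 into 1632); CreateProcess itself performs such writes, so they are not evidence of injection into an unrelated process. The child then crashed on that entry point, which is the WerFault launch with `-p 2456`. The script below is an added example, not the sandbox's own tooling or code from the sample: it re-parses the report's signature lines and process tree (copied inline as constructed input), classifies each write as parent-to-child or cross-process, extracts the rundll32 entry point, and spots the system32-to-SysWOW64 relaunch. Function names such as `classify_write` and `is_wow64_relaunch` are my own.

```python
"""Triage helper for a sandbox 'Suspicious use of WriteProcessMemory' hit.

Added example (not the sandbox vendor's code). It re-parses the report's
signature lines and process tree, copied inline below as constructed input,
and separates parent-to-child writes (performed by CreateProcess itself,
low signal) from cross-process writes into a process the writer did not
create (classic injection, high signal).
"""
import re
from collections import Counter

SAMPLE = "6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll"
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp" + "\\" + SAMPLE

# Constructed input: the 11 event lines from the report's signature section.
WRITE_EVENTS = (
    "PID 2536 wrote to memory of 2456 2536 rundll32.exe rundll32.exe\n" * 7
    + "PID 2456 wrote to memory of 1632 2456 rundll32.exe WerFault.exe\n" * 4
)

# Constructed input: the report's process tree as pid -> (parent pid, image, command line).
PROCESS_TREE = {
    2536: (None, r"C:\Windows\system32\rundll32.exe", "rundll32.exe " + SAMPLE_PATH + ",#1"),
    2456: (2536, r"C:\Windows\SysWOW64\rundll32.exe", "rundll32.exe " + SAMPLE_PATH + ",#1"),
    1632: (2456, r"C:\Windows\SysWOW64\WerFault.exe",
           r"C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 220"),
}

EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def parse_write_events(text):
    """Turn 'PID A wrote to memory of B A img_a img_b' lines into dicts."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            src, dst, src_img, dst_img = m.groups()
            events.append({"src": int(src), "dst": int(dst),
                           "src_image": src_img, "dst_image": dst_img})
    return events


def classify_write(event, tree):
    """'parent_to_child' if the writer is the target's parent, else 'cross_process'."""
    parent = tree.get(event["dst"], (None,))[0]
    return "parent_to_child" if parent == event["src"] else "cross_process"


def summarize_writes(text, tree):
    """Count writes per (class, writer pid, target pid)."""
    counts = Counter()
    for ev in parse_write_events(text):
        counts[(classify_write(ev, tree), ev["src"], ev["dst"])] += 1
    return dict(counts)


def parse_rundll32_cmdline(cmdline):
    """Split 'rundll32.exe <dll>,<entry> [args]'; '#N' means export ordinal N."""
    rest = cmdline.split(" ", 1)[1]          # drop the rundll32.exe token
    dll, _, tail = rest.partition(",")
    entry = tail.split(" ", 1)[0]
    if entry.startswith("#"):
        return {"dll": dll, "ordinal": int(entry[1:]), "name": None}
    return {"dll": dll, "ordinal": None, "name": entry}


def is_wow64_relaunch(pid, tree):
    """True when a system32 binary spawned the SysWOW64 copy of itself,
    i.e. the 64-bit host handed the job to the 32-bit one."""
    parent, image, _ = tree[pid]
    if parent is None:
        return False
    parent_image = tree[parent][1]
    same_binary = (parent_image.rsplit("\\", 1)[-1].lower()
                   == image.rsplit("\\", 1)[-1].lower())
    return (same_binary and "\\system32\\" in parent_image.lower()
            and "\\syswow64\\" in image.lower())


def crash_target(tree):
    """Pid named by WerFault's -p argument, or None if no WerFault in the tree."""
    for _, image, cmdline in tree.values():
        if image.lower().endswith("werfault.exe"):
            m = re.search(r"-p (\d+)", cmdline)
            if m:
                return int(m.group(1))
    return None


def triage(text=WRITE_EVENTS, tree=PROCESS_TREE):
    """One-shot summary to read before deciding whether the hit needs a deeper look."""
    summary = summarize_writes(text, tree)
    cross = sum(n for (kind, _, _), n in summary.items() if kind == "cross_process")
    crashed = crash_target(tree)
    return {
        "writes": summary,
        "cross_process_writes": cross,
        "wow64_relaunch": [pid for pid in tree if is_wow64_relaunch(pid, tree)],
        "crashed_pid": crashed,
        "crashed_entry": parse_rundll32_cmdline(tree[crashed][2]) if crashed in tree else None,
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

For this report the summary comes back with zero cross-process writes, PID 2456 flagged as a WOW64 relaunch, and ordinal 1 of the sample DLL as the entry point that crashed; a write into a PID that is not the writer's child (explorer.exe, say) would be counted under `cross_process` and is the case worth chasing.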