Analysis
- max time kernel: 111s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 15:58
Static task
- static1
- 1 signatures
Behavioral task
- behavioral1
- Sample: 6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll
- Resource: win7-20231215-en
- windows7-x64
- 2 signatures
- 150 seconds
General
- Target: 6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll
- Size: 240KB
- MD5: 6a2ecd5487743d4129c23bbebe95e2e3
- SHA1: 431d87b53a8da69dfc60de90d2fa3f63a6c9fd15
- SHA256: 6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f
- SHA512: 5d2bb8ecb90228158c3b5a1f36bd05d7ff0b7c19c301aa20d8340dd3e3f2b3991b6f8a2d031a628af821aa5c6c5492e8201078182915aee7a1237c0b6a2ab39f
- SSDEEP: 3072:YmybuLkbiPXYu+MY3XpLd8VnQtyCCxEvRWCWa+NTPdJu6lhAOkSSs:YmpLkifY/MWXYQ3ntAm6D6
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe

  | pid | pid_target | process | target process |
  | --- | --- | --- | --- |
  | 2628 | 2708 | WerFault.exe | rundll32.exe |

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 1116 wrote to memory of 2708 | 1116 | rundll32.exe | rundll32.exe |
  | PID 1116 wrote to memory of 2708 | 1116 | rundll32.exe | rundll32.exe |
  | PID 1116 wrote to memory of 2708 | 1116 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll,#1
  PID: 1116
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll,#1
    PID: 2708
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 608
      PID: 2628
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2708 -ip 2708
  PID: 3008