Analysis
max time kernel: 141s
max time network: 120s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 16:18
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: 74f3be42019d5715fff96db6c2ebca71.dll
  Resource: win7-20231215-en (windows7-x64)
  4 signatures, 150 seconds
General
Target: 74f3be42019d5715fff96db6c2ebca71.dll
Size: 19KB
MD5: 74f3be42019d5715fff96db6c2ebca71
SHA1: ccbf5ebb2cc0220d349b18cf673ddac7633c365b
SHA256: a20a84ccd2f8e1f7331192932e05fb53231d62fb36191933604ea85dfd5cd533
SHA512: 367324ee594dfc2b0cf8e4b3b04f751054b0d9749a52a275500ffd216e0f4a31ba119d84e2a0ad6ced972fa5a49c5a7bdaa0e3cd83166a1a11dbcca4ac3e3581
SSDEEP: 384:pa0h9x9DBDsgp203Pwg1qBiCwB7TgooB6yVUCbvAQxub:pDh9x1Vsgpr3og1DlvJU6yVUU9xub
Score: 5/10
Malware Config
Signatures
- Drops file in System32 directory (2 IoCs)
  Processes: rundll32.exe
  description / ioc / process:
    File created: C:\Windows\SysWOW64\WMIApiSrv.dll (rundll32.exe)
    File opened for modification: C:\Windows\SysWOW64\WMIApiSrv.dll (rundll32.exe)
- Program crash (1 IoC)
  Processes: WerFault.exe
  pid / pid_target / process / target process:
    2256 / 2212 / WerFault.exe / rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: rundll32.exe
  pid / process:
    2212 / rundll32.exe
    2212 / rundll32.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes: rundll32.exe, rundll32.exe
  description / pid / process / target process:
    PID 1920 wrote to memory of 2212 / 1920 / rundll32.exe / rundll32.exe
    PID 1920 wrote to memory of 2212 / 1920 / rundll32.exe / rundll32.exe
    PID 1920 wrote to memory of 2212 / 1920 / rundll32.exe / rundll32.exe
    PID 1920 wrote to memory of 2212 / 1920 / rundll32.exe / rundll32.exe
    PID 1920 wrote to memory of 2212 / 1920 / rundll32.exe / rundll32.exe
    PID 1920 wrote to memory of 2212 / 1920 / rundll32.exe / rundll32.exe
    PID 1920 wrote to memory of 2212 / 1920 / rundll32.exe / rundll32.exe
    PID 2212 wrote to memory of 2256 / 2212 / rundll32.exe / WerFault.exe
    PID 2212 wrote to memory of 2256 / 2212 / rundll32.exe / WerFault.exe
    PID 2212 wrote to memory of 2256 / 2212 / rundll32.exe / WerFault.exe
    PID 2212 wrote to memory of 2256 / 2212 / rundll32.exe / WerFault.exe
Processes
1. C:\Windows\system32\rundll32.exe (PID 1920)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f3be42019d5715fff96db6c2ebca71.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 2212)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f3be42019d5715fff96db6c2ebca71.dll,#1
      - Drops file in System32 directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\WerFault.exe (PID 2256)
         Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 224
         - Program crash