Analysis
max time kernel: 120s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 12-02-2024 18:30
Static task: static1
Behavioral task: behavioral1
Sample: be85fee66f8ecfbf3bd599b9d27c743b62b6927de6b6a034ffe9cfb2688a9d9d.dll
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: be85fee66f8ecfbf3bd599b9d27c743b62b6927de6b6a034ffe9cfb2688a9d9d.dll
Resource: win10v2004-20231215-en
General
Target: be85fee66f8ecfbf3bd599b9d27c743b62b6927de6b6a034ffe9cfb2688a9d9d.dll
Size: 1.2MB
MD5: 588635c5b482b8ad142f2f6947ed92cd
SHA1: 97db62f6b3363d6e056a0a2ff1bc7c8adc98d1ff
SHA256: be85fee66f8ecfbf3bd599b9d27c743b62b6927de6b6a034ffe9cfb2688a9d9d
SHA512: 5db9c26d8135f960d4204c0f669710987eabed47883613b77dbb8127f66a9e22ed9c667423783a0472b8dcebdc263c6f73de5a0f0cd87b9b6e427284b5d23681
SSDEEP: 24576:JQYHDcKDlfwLCeA6XACXS1HMq/fQhvxasfOriL5ChXsTA7IC:pfXKXAhsmJjnhiC
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1888 wrote to memory of 2464 | 1888 | rundll32.exe | WerFault.exe
PID 1888 wrote to memory of 2464 | 1888 | rundll32.exe | WerFault.exe
PID 1888 wrote to memory of 2464 | 1888 | rundll32.exe | WerFault.exe
Processes
C:\Windows\system32\rundll32.exe (PID 1888, depth 1)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\be85fee66f8ecfbf3bd599b9d27c743b62b6927de6b6a034ffe9cfb2688a9d9d.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\system32\WerFault.exe (PID 2464, depth 2, child of 1888)
    command line: C:\Windows\system32\WerFault.exe -u -p 1888 -s 84