Analysis
max time kernel: 140s
max time network: 119s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 12-02-2024 18:46
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: apdboot.dll
Resource: win7-20231215-en (windows7-x64)
2 signatures, 150 seconds

Behavioral task
behavioral2
Sample: apdboot.dll
Resource: win10v2004-20231222-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: apdboot.dll
Size: 931KB
MD5: 7514fa4d5d1162f631ed5fea0884c0f4
SHA1: a39e56a89b546b1ad55e531e62240586b9489234
SHA256: e1f5396d6c9e0d82c45fb48c723460709706398078546bca83e123ca9eb4036f
SHA512: 5822def0a35098f80cd570f79a848b639681d21eae4c79479e562907c58c42a218ba786df7ab328532dee1e8f6bc3a7da5c1529f17b93d759df328603ec02b32
SSDEEP: 12288:eCwXI/iPKmldxkIR+BCm8LJJKx2jKuIHTMxiXZU:DwMmlPd1LJwx2jK9ZZ
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
Processes:
pid   pid_target   process        target process
2360  2324         WerFault.exe   rundll32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
Processes:
description                        pid   process       target process
PID 2108 wrote to memory of 2324   2108  rundll32.exe  rundll32.exe
PID 2108 wrote to memory of 2324   2108  rundll32.exe  rundll32.exe
PID 2108 wrote to memory of 2324   2108  rundll32.exe  rundll32.exe
PID 2108 wrote to memory of 2324   2108  rundll32.exe  rundll32.exe
PID 2108 wrote to memory of 2324   2108  rundll32.exe  rundll32.exe
PID 2108 wrote to memory of 2324   2108  rundll32.exe  rundll32.exe
PID 2108 wrote to memory of 2324   2108  rundll32.exe  rundll32.exe
PID 2324 wrote to memory of 2360   2324  rundll32.exe  WerFault.exe
PID 2324 wrote to memory of 2360   2324  rundll32.exe  WerFault.exe
PID 2324 wrote to memory of 2360   2324  rundll32.exe  WerFault.exe
PID 2324 wrote to memory of 2360   2324  rundll32.exe  WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\apdboot.dll,#1
  PID: 2108
  signatures: Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\apdboot.dll,#1
      PID: 2324
      signatures: Suspicious use of WriteProcessMemory
      └ C:\Windows\SysWOW64\WerFault.exe
          command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 224
          PID: 2360
          signatures: Program crash