Analysis
- max time kernel: 145s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-02-2024 18:46
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  - Sample: apdboot.dll
  - Resource: win7-20231215-en (windows7-x64)
  - 2 signatures
  - 150 seconds
Behavioral task
- behavioral2
  - Sample: apdboot.dll
  - Resource: win10v2004-20231222-en (windows10-2004-x64)
  - 2 signatures
  - 150 seconds
General
- Target: apdboot.dll
- Size: 931KB
- MD5: 7514fa4d5d1162f631ed5fea0884c0f4
- SHA1: a39e56a89b546b1ad55e531e62240586b9489234
- SHA256: e1f5396d6c9e0d82c45fb48c723460709706398078546bca83e123ca9eb4036f
- SHA512: 5822def0a35098f80cd570f79a848b639681d21eae4c79479e562907c58c42a218ba786df7ab328532dee1e8f6bc3a7da5c1529f17b93d759df328603ec02b32
- SSDEEP: 12288:eCwXI/iPKmldxkIR+BCm8LJJKx2jKuIHTMxiXZU:DwMmlPd1LJwx2jK9ZZ
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes:
  | process      | pid  | pid_target | target process |
  | WerFault.exe | 4196 | 1816       | rundll32.exe   |
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  | description                        | pid  | process      | target process |
  | PID 4708 wrote to memory of 1816   | 4708 | rundll32.exe | rundll32.exe   |
  | PID 4708 wrote to memory of 1816   | 4708 | rundll32.exe | rundll32.exe   |
  | PID 4708 wrote to memory of 1816   | 4708 | rundll32.exe | rundll32.exe   |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\apdboot.dll,#1
  PID: 4708
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\apdboot.dll,#1
    PID: 1816
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 596
      PID: 4196
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1816 -ip 1816
  PID: 3136