Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-03-2024 21:52
Behavioral task: behavioral1
Sample: 1312-57-0x0000000000220000-0x00000000002B0000-memory.dll
Resource: win7-20240221-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 1312-57-0x0000000000220000-0x00000000002B0000-memory.dll
Resource: win10v2004-20240226-en
2 signatures
150 seconds
General
Target: 1312-57-0x0000000000220000-0x00000000002B0000-memory.dll
Size: 576KB
MD5: 00999d0c7441f7df98d7c51555e49b49
SHA1: c82684c033dca25a5e06239dd89c26ba50290769
SHA256: 46b3c88f0c0b01af8133ea8f70ead6ac5728194ad6dc5fa2a28835bce5b1b0e8
SHA512: b4c2df11efadafd39dbf388c2b98b9816dba2aa689a7a58aaee165a7dc984002b27e0a0d458f677f9926854061762c09cf550aee1eb8b5294cfa6be8fef6a605
SSDEEP: 768:B2fdU27y2VWZYmACvCsyXAXdHon1a7KLtA/+aPW0d6dfXSt8wpaJMHg4k+R:+u2+2VoYmAwyAtv7K6maPFwdf/wmSk
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid    pid_target    Process         procid_target
  2296   2528          WerFault.exe    89
Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process         procid_target
  PID 3172 wrote to memory of 2528    3172   rundll32.exe    89
  PID 3172 wrote to memory of 2528    3172   rundll32.exe    89
  PID 3172 wrote to memory of 2528    3172   rundll32.exe    89
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1312-57-0x0000000000220000-0x00000000002B0000-memory.dll,#1
  PID: 3172
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1312-57-0x0000000000220000-0x00000000002B0000-memory.dll,#1
    PID: 2528
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 564
      PID: 2296
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2528 -ip 2528
  PID: 4176