Analysis
  max time kernel: 149s
  max time network: 151s
  platform: windows10-2004_x64
  resource: win10v2004-20240226-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 07-03-2024 02:49
Behavioral task behavioral1
  Sample: 1416-56-0x0000000000890000-0x0000000000944000-memory.dll
  Resource: win7-20240221-en
  windows7-x64
  2 signatures
  150 seconds

Behavioral task behavioral2
  Sample: 1416-56-0x0000000000890000-0x0000000000944000-memory.dll
  Resource: win10v2004-20240226-en
  windows10-2004-x64
  2 signatures
  150 seconds
General
  Target: 1416-56-0x0000000000890000-0x0000000000944000-memory.dll
  Size: 720KB
  MD5: 31a334136bff9b0ac121a7e63aef18da
  SHA1: b537ff8e1849b59a12f102722be4d46d35aa0218
  SHA256: b4fa25ec1b33eb04d9205e5d8aa9508ad48ff16b5a5d04ec33fb7c1c964669b3
  SHA512: 70366995dd4765fe4bd26b0b38ac201a69444b8eadf9f92fb3dedf2940aa7222871bb9d05a58997ea65b97dc2b3d65391e6b2a3819916d06e7a13525c18e12a0
  SSDEEP: 768:t2MkJnRTiYm9Pv3Qy+qR4AeeQhOGCBzp3B9DzwobBoIPTYt:RkJnRWYmeFquNeQhqFpxdTbBoIP

Score: 3/10
Malware Config
Signatures
  Program crash (1 IoCs)
    Processes:
      pid   pid_target  process       target process
      4852  1884        WerFault.exe  rundll32.exe

  Suspicious use of WriteProcessMemory (3 IoCs)
    Processes:
      description                       pid   process       target process
      PID 4856 wrote to memory of 1884  4856  rundll32.exe  rundll32.exe
      PID 4856 wrote to memory of 1884  4856  rundll32.exe  rundll32.exe
      PID 4856 wrote to memory of 1884  4856  rundll32.exe  rundll32.exe
Processes
  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416-56-0x0000000000890000-0x0000000000944000-memory.dll,#1
    signature: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416-56-0x0000000000890000-0x0000000000944000-memory.dll,#1
      C:\Windows\SysWOW64\WerFault.exe
        command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 560
        signature: Program crash
  C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1884 -ip 1884