Analysis
- max time kernel: 143s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-03-2024 11:09
Behavioral task: behavioral1
- Sample: 2044-76-0x00000000050A0000-0x00000000050D4000-memory.dll
- Resource: win7-20240221-en (windows7-x64)
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 2044-76-0x00000000050A0000-0x00000000050D4000-memory.dll
- Resource: win10v2004-20240226-en (windows10-2004-x64)
- 2 signatures
- 150 seconds
General
- Target: 2044-76-0x00000000050A0000-0x00000000050D4000-memory.dll
- Size: 208KB
- MD5: e6d343135863c5d89967e639e5c15fcd
- SHA1: 508f4686fcb1410bda90a03c46f19405bc340a44
- SHA256: 60868f4b22531612ddc2884a8bba98e0ee3a0ff85c6162c9041fa4f47c6dd39e
- SHA512: c493e517e9c050ac4feb380cbff230b690d254740f616b685530e5f1951e1d60b70a5d19e8baeced7d65f498fb4d25683f1db36ea406b880c1d9f56afe91fabd
- SSDEEP: 3072:ZnT2RRXuwcN3OQXB8CITr9VV2ILe126JyTuBdjdUkB5Wpj:ZwXupN1x8CgBbRLDTuLj
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
    pid   pid_target   process        target process
    1812  3792         WerFault.exe   rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                         pid   process        target process
    PID 2140 wrote to memory of 3792    2140  rundll32.exe   rundll32.exe
    PID 2140 wrote to memory of 3792    2140  rundll32.exe   rundll32.exe
    PID 2140 wrote to memory of 3792    2140  rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2044-76-0x00000000050A0000-0x00000000050D4000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2044-76-0x00000000050A0000-0x00000000050D4000-memory.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 632
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3792 -ip 3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8