Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-03-2024 07:20
Behavioral task: behavioral1
- Sample: c2c683ecc9f61667ea6a17edef39c6ee.dll
- Resource: win7-20240221-en (windows7-x64)
- 11 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: c2c683ecc9f61667ea6a17edef39c6ee.dll
- Resource: win10v2004-20240226-en (windows10-2004-x64)
- 3 signatures
- 150 seconds
General
- Target: c2c683ecc9f61667ea6a17edef39c6ee.dll
- Size: 221KB
- MD5: c2c683ecc9f61667ea6a17edef39c6ee
- SHA1: d59971ebcc4d9b96cc428eeb9bdaed116c925876
- SHA256: f233eb49a721e7c9b8ab9d8d1b24578ad55fd303dee8077ff9ac38303ee7c68e
- SHA512: 92ead91aabf7497e183624a1a8bddec93c78e8aed7d493fba561083bbc3f26220bdc938d0935ea8611a40a801b6cefe4f2f62ae32aa9f7ee10c74c430299dbf7
- SSDEEP: 6144:n6HWvUL4LLGkrE5m4qgz9Y5q9q+0OcLnx0:n6f4Li2gz9Y5+F0zLx0
- Score: 7/10
Malware Config
Signatures
- Processes (resource / yara_rule):
  behavioral2/memory/1932-0-0x0000000000400000-0x000000000045E000-memory.dmp / upx
  behavioral2/memory/1932-2-0x0000000000400000-0x000000000045E000-memory.dmp / upx
- Program crash (1 IoCs)
  Processes (pid / process / target pid / target process):
  2708 / WerFault.exe / 1932 / rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target pid / target process):
  PID 4464 wrote to memory of 1932 / 4464 / rundll32.exe / 1932 / rundll32.exe
  PID 4464 wrote to memory of 1932 / 4464 / rundll32.exe / 1932 / rundll32.exe
  PID 4464 wrote to memory of 1932 / 4464 / rundll32.exe / 1932 / rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2c683ecc9f61667ea6a17edef39c6ee.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2c683ecc9f61667ea6a17edef39c6ee.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 544
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1932 -ip 1932