Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
02-04-2024 22:56
Behavioral task
behavioral1
Sample
7d037c95a8c36ea8b5b7d9dc1169d6d592912e6fdd82b341bce7a6f3ea946e12.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7d037c95a8c36ea8b5b7d9dc1169d6d592912e6fdd82b341bce7a6f3ea946e12.dll
Resource
win10v2004-20240226-en
General
-
Target
7d037c95a8c36ea8b5b7d9dc1169d6d592912e6fdd82b341bce7a6f3ea946e12.dll
-
Size
254KB
-
MD5
088a38e23ec7e33bb34de333967ea4d0
-
SHA1
40eb36cfdbd2bdcdc84b224d1f4666003d8f4ac5
-
SHA256
7d037c95a8c36ea8b5b7d9dc1169d6d592912e6fdd82b341bce7a6f3ea946e12
-
SHA512
7b0997eefea28df5d17d324336fe85a50d793fabba1b05878021706442fe3c168a0e0f41ec7bc208891780d09a34b1c068f0923a916055aeb8d846ef0766af8d
-
SSDEEP
3072:TJwpS2NACV4qAbypuljJGnJYoTjqETdtbsnOfFwXVa/6494YJGaXMLIHnaH:TJwpYVNcn3pTdNe+WXVix4uzH
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2208 wrote to memory of 2332 | 2208 | rundll32.exe | WerFault.exe
PID 2208 wrote to memory of 2332 | 2208 | rundll32.exe | WerFault.exe
PID 2208 wrote to memory of 2332 | 2208 | rundll32.exe | WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d037c95a8c36ea8b5b7d9dc1169d6d592912e6fdd82b341bce7a6f3ea946e12.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2208 -s 1082