Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 10-04-2024 09:07
Behavioral task: behavioral1
- Sample: 1bf3647395cbfae4a71ce3f23050d219fb45edb51033f4d5799e53963a7a0c7d.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 1bf3647395cbfae4a71ce3f23050d219fb45edb51033f4d5799e53963a7a0c7d.dll
- Resource: win10v2004-20231215-en
General
- Target: 1bf3647395cbfae4a71ce3f23050d219fb45edb51033f4d5799e53963a7a0c7d.dll
- Size: 256KB
- MD5: b8981ad9c13cd93e90ea28204822cd84
- SHA1: 1e47d0fba3bf7946a695ed571e7103221b1a5a66
- SHA256: 1bf3647395cbfae4a71ce3f23050d219fb45edb51033f4d5799e53963a7a0c7d
- SHA512: ac4bf82fe9ee5ea2722c1191d621d96448e898184043bebdb0165c9d1ade05816175ca48b571c9493051a85ceb7214523b2576e1ac972f77b3247dd703e5b186
- SSDEEP: 3072:7c0nsHpyvGj346lbkBb/gppj8aJGIhxjT3A8ygbLAZmitdGl39tjYJ1b/S1PcUdB:7c0bPhIpt8ahTw8PHA8itQpjvZuE
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2292 wrote to memory of 2760 | 2292 | rundll32.exe | WerFault.exe
PID 2292 wrote to memory of 2760 | 2292 | rundll32.exe | WerFault.exe
PID 2292 wrote to memory of 2760 | 2292 | rundll32.exe | WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bf3647395cbfae4a71ce3f23050d219fb45edb51033f4d5799e53963a7a0c7d.dll,#11
- Suspicious use of WriteProcessMemory
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2292 -s 522