Analysis
- max time kernel: 145s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240319-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-04-2024 14:02
Behavioral task: behavioral1
- Sample: c3dfcd55ea3b621537c1d7170212249d3d12f96a08d0e5c2ed1d4f0cf6036eb6.dll
- Resource: win7-20240221-en (windows7-x64)
- 3 signatures, 150 seconds
Behavioral task: behavioral2
- Sample: c3dfcd55ea3b621537c1d7170212249d3d12f96a08d0e5c2ed1d4f0cf6036eb6.dll
- Resource: win10v2004-20240319-en (windows10-2004-x64)
- 2 signatures, 150 seconds
General
- Target: c3dfcd55ea3b621537c1d7170212249d3d12f96a08d0e5c2ed1d4f0cf6036eb6.dll
- Size: 285KB
- MD5: 3bb71cef8a643cf00aef4ed04a599b12
- SHA1: bf8a77be54fffaca0775b2947e29b46959c010b9
- SHA256: c3dfcd55ea3b621537c1d7170212249d3d12f96a08d0e5c2ed1d4f0cf6036eb6
- SHA512: 82f48dd1f2bab3cb53f9d0127f4dc53a247e5af05a1ae7b7f6271bf1676560305df726c72bd330a387edba86714bfe45b65029720b4faeaf1a10a905fe617a9e
- SSDEEP: 6144:Rpb77NuFerqK7RcRYkcrY4MCIt07iPlvU0jVI8:fNuFe+MnES76U0jVI8
- Score: 3/10
Malware Config
- (none extracted)
Signatures (these two belong to the win10v2004-20240319-en run, behavioral2, which is the run the Analysis header describes)
- Program crash (1 IoC)
  Processes:
    WerFault.exe (pid 1224) reported a crash of rundll32.exe (target pid 468)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
    PID 1768 (rundll32.exe) wrote to memory of PID 468 (rundll32.exe)
    PID 1768 (rundll32.exe) wrote to memory of PID 468 (rundll32.exe)
    PID 1768 (rundll32.exe) wrote to memory of PID 468 (rundll32.exe)
  All three writes go from the system32 rundll32.exe (pid 1768) into the SysWOW64 rundll32.exe child (pid 468) that it started with the same command line (see the process tree below); no write into any other process is recorded.
Processes (indentation follows the report's depth levels)
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3dfcd55ea3b621537c1d7170212249d3d12f96a08d0e5c2ed1d4f0cf6036eb6.dll,#1
  (",#1" tells rundll32 to call the DLL's export with ordinal 1)
  signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3dfcd55ea3b621537c1d7170212249d3d12f96a08d0e5c2ed1d4f0cf6036eb6.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 600
      signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 468 -ip 468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4056 --field-trial-handle=2264,i,7994609493164365963,13212734413040148104,262144 --variations-seed-version /prefetch:8
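The process tree and the two signatures above can be re-derived from plain process-creation records, which is how an analyst would check a report like this against their own telemetry. The following is an added worked example, not the sandbox's own code. Its event records are constructed from the command lines on this page: the rundll32 pids (1768 and 468) and the first WerFault pid (1224) come from the signature tables; the pids of the second WerFault and of msedge, and the absence of a recorded parent for every top-level process, are assumptions. The functions pick out the system32-to-SysWOW64 rundll32 re-launch of the same DLL, group WerFault instances by the crashed pid they name with -p, and collapse the flattened WriteProcessMemory rows.

```python
"""Re-derive this report's process tree and its two signatures from event records.

Added example, not the sandbox's own code. Records are constructed from the
command lines on this page; pids 4012 and 5020 and the None parents are assumed.
"""
import re
from dataclasses import dataclass
from typing import Optional

DLL = (r"C:\Users\Admin\AppData\Local\Temp"
       r"\c3dfcd55ea3b621537c1d7170212249d3d12f96a08d0e5c2ed1d4f0cf6036eb6.dll")


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]   # None: no recorded parent (launched by the sandbox)
    image: str
    cmdline: str


EVENTS = [
    Proc(1768, None, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1"),
    Proc(468, 1768, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1"),
    Proc(1224, 468, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 600"),
    Proc(4012, None, r"C:\Windows\SysWOW64\WerFault.exe",             # pid assumed
         r"C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 468 -ip 468"),
    Proc(5020, None, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",  # pid assumed
         r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility'),
]

# The "Suspicious use of WriteProcessMemory" table exactly as the report flattens it.
WPM_TABLE = ("PID 1768 wrote to memory of 468 1768 rundll32.exe rundll32.exe "
             "PID 1768 wrote to memory of 468 1768 rundll32.exe rundll32.exe "
             "PID 1768 wrote to memory of 468 1768 rundll32.exe rundll32.exe")

_RUNDLL_ARG = re.compile(r"^\S*rundll32\.exe\s+(?P<dll>.+?),#(?P<ordinal>\d+)\s*$", re.I)
_WER_TARGET = re.compile(r"(?:^|\s)-p\s+(\d+)")      # "-p <pid>", not "-pss"
_WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def rundll32_target(p: Proc):
    """(dll_path, export_ordinal) from 'rundll32.exe <dll>,#<n>', else None."""
    m = _RUNDLL_ARG.match(p.cmdline)
    return (m["dll"], int(m["ordinal"])) if m else None


def wow64_relaunches(events):
    """(parent, child, dll, ordinal) where a system32 rundll32 spawned a SysWOW64
    rundll32 with the same DLL argument: the first two processes on the page, which
    is what the native rundll32 does when handed a 32-bit DLL on an x64 host."""
    by_pid = {p.pid: p for p in events}
    hits = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None or basename(child.image) != "rundll32.exe":
            continue
        if basename(parent.image) != "rundll32.exe":
            continue
        if "\\syswow64\\" not in child.image.lower() or "\\system32\\" not in parent.image.lower():
            continue
        target = rundll32_target(child)
        if target is not None and target == rundll32_target(parent):
            hits.append((parent.pid, child.pid, target[0], target[1]))
    return hits


def crash_reports(events):
    """Map each pid named by WerFault's -p to its image name and the WerFault pids
    that reported on it. One crash yields two WerFault instances here, so crashes
    are counted per target, not per WerFault process."""
    by_pid = {p.pid: p for p in events}
    out = {}
    for p in events:
        if basename(p.image) != "werfault.exe":
            continue
        m = _WER_TARGET.search(p.cmdline)
        if not m:
            continue
        target = int(m.group(1))
        image = basename(by_pid[target].image) if target in by_pid else None
        out.setdefault(target, {"image": image, "reporters": []})["reporters"].append(p.pid)
    return out


def writeprocessmemory_iocs(table: str):
    """Row count plus distinct (src pid, dst pid, src image, dst image) tuples."""
    rows = _WPM_ROW.findall(table)
    return len(rows), sorted({(int(s), int(d), si, di) for s, d, si, di in rows})


def render_tree(events):
    """Indented process tree; the report encodes the same nesting as a depth digit."""
    by_parent = {}
    for p in events:
        by_parent.setdefault(p.ppid, []).append(p)
    lines = []

    def walk(ppid, depth):
        for p in by_parent.get(ppid, []):
            lines.append("  " * depth + f"{p.pid} {basename(p.image)}")
            walk(p.pid, depth + 1)

    walk(None, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(render_tree(EVENTS)))
    print("WOW64 relaunch:", wow64_relaunches(EVENTS))
    print("crashes:", crash_reports(EVENTS))
    print("WriteProcessMemory:", writeprocessmemory_iocs(WPM_TABLE))
```

Run against the constructed records, `wow64_relaunches` returns the single 1768 to 468 pair for export ordinal 1, `crash_reports` attributes both WerFault instances to pid 468 (rundll32.exe), and the three WriteProcessMemory rows collapse to one distinct source/target pair, matching the report's "1 IoC" crash and "3 IoCs" memory-write counts. Swapping `EVENTS` for real process-creation events (Sysmon Event ID 1 fields map directly onto `Proc`) turns the same functions into a check for this pattern in your own logs.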