Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
submitted: 18-04-2024 11:20
Behavioral task: behavioral1
Sample: 2924-2-0x0000000028CD0000-0x0000000028D1F000-memory.dll
Resource: win7-20240220-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 2924-2-0x0000000028CD0000-0x0000000028D1F000-memory.dll
Resource: win10v2004-20240412-en
0 signatures
150 seconds
General
Target: 2924-2-0x0000000028CD0000-0x0000000028D1F000-memory.dll
Size: 316KB
MD5: 27758a2c2eeba22f1c880972e2625473
SHA1: cd652b64933056c962748762cda9f7336fdf6c81
SHA256: 7c691f7e9306ac1bb875eec05be2a09c1019e61c2af96d16d5064f9ffcc6ff4c
SHA512: e2e332e182a348c63c50c1ac5def5266d970d53db42b0b641ad1491fa219b2c1ad0c5e37407bbfcadaa769422d3024c4e46b6a5e3f09d2be5e8812d3aebd0371
SSDEEP: 6144:uJqXG5d1Ip8yibgkTZI6jHID90a0jPdsH/:u9d6devoxkjPdq
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2792 wrote to memory of 1692 | 2792 | rundll32.exe | WerFault.exe
PID 2792 wrote to memory of 1692 | 2792 | rundll32.exe | WerFault.exe
PID 2792 wrote to memory of 1692 | 2792 | rundll32.exe | WerFault.exe