Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-05-2024 08:14
Behavioral task: behavioral1
Sample: a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3.dll
Resource: win10v2004-20240426-en
General
Target: a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3.dll
Size: 164KB
MD5: 119a205e27d9c9e864f3a5b2c91cca02
SHA1: cc388a0c3643c5f5b039d5284237a38d74ae21b5
SHA256: a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3
SHA512: 97f0ed7977d30cecd625c5bbc33e0e2cc7ae80b9d6e43f7cd21796817deb3aaa0e5dbb8049429872b67f31cee426642d6671709e67f59806e5846bbb0bba7ae3
SSDEEP: 3072:vJgI/GkzG1mxLhbkBPYa6KDKtYTwyEmH+7rg8XK43QAh3U:qyzGa4P56SKKTwXmH2MTJ03U
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
3416 | 3764 | WerFault.exe | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1652 wrote to memory of 3764 | 1652 | rundll32.exe | rundll32.exe
PID 1652 wrote to memory of 3764 | 1652 | rundll32.exe | rundll32.exe
PID 1652 wrote to memory of 3764 | 1652 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 544
    - Program crash
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3764 -ip 3764