Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-05-2024 23:23
Behavioral task: behavioral1
- Sample: 5da84f72f94d65f68a8ee3179275899be0654330613b8fe3d96ecf3b4bb727c8.dll
- Resource: win7-20240215-en (windows7-x64)
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 5da84f72f94d65f68a8ee3179275899be0654330613b8fe3d96ecf3b4bb727c8.dll
- Resource: win10v2004-20240426-en (windows10-2004-x64)
- 2 signatures
- 150 seconds
General
- Target: 5da84f72f94d65f68a8ee3179275899be0654330613b8fe3d96ecf3b4bb727c8.dll
- Size: 206KB
- MD5: 0ca1ffb92c5d3d1db90fb98d7dab30eb
- SHA1: 46b068e0168565c98eafd2278b9a420a18d73f11
- SHA256: 5da84f72f94d65f68a8ee3179275899be0654330613b8fe3d96ecf3b4bb727c8
- SHA512: 571a044921b3e47514397dc677a940781c0d843be1079e89a333ef617aa627d338063712efe59553d169dd84dbe9f611d161a300671c79fcca91befa4f2cfcaf
- SSDEEP: 3072:ZnT2RRXuwcN3OQXB8CITr9VV2ILe126JyTuBdjdUG5dBj:ZwXupN1x8CgBbRLDTuLj
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes (WerFault.exe):
  pid    pid_target   process        target process
  3928   2260         WerFault.exe   rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (rundll32.exe):
  description                          pid    process        target process
  PID 3184 wrote to memory of 2260     3184   rundll32.exe   rundll32.exe
  PID 3184 wrote to memory of 2260     3184   rundll32.exe   rundll32.exe
  PID 3184 wrote to memory of 2260     3184   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5da84f72f94d65f68a8ee3179275899be0654330613b8fe3d96ecf3b4bb727c8.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5da84f72f94d65f68a8ee3179275899be0654330613b8fe3d96ecf3b4bb727c8.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 632
      Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2260 -ip 2260