Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-05-2024 22:08
Behavioral task: behavioral1
Sample: 5c23a36bf787b5def49e8f73386e08f314cbed86f24238d87e6ba7f9b5d327d9.dll
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 5c23a36bf787b5def49e8f73386e08f314cbed86f24238d87e6ba7f9b5d327d9.dll
Resource: win10v2004-20240426-en
General
Target: 5c23a36bf787b5def49e8f73386e08f314cbed86f24238d87e6ba7f9b5d327d9.dll
Size: 76KB
MD5: 9940d63274f82bffd580c8c01ed47f07
SHA1: 2f9a982fb8890a4ca097e224da4e8752353fc2c1
SHA256: 5c23a36bf787b5def49e8f73386e08f314cbed86f24238d87e6ba7f9b5d327d9
SHA512: ac08fe54ef3839ecf02ea34dc866546e5b6d7b9dc06268e5aea629c601e7cec0a192409624f918db8c065dc2b14d968948b80e5bd96f1c1ffb5f3e0b91cea1ab
SSDEEP: 1536:BZZZZZZZZZZZZJOEDlwYSMQsGHxg0TS+XKyMqqU+2bbbAV2/S2TrKUm:zlZHQsozTS+1MqqDL2/TrK
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
3816 | 2264 | WerFault.exe | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 804 wrote to memory of 2264 | 804 | rundll32.exe | rundll32.exe
PID 804 wrote to memory of 2264 | 804 | rundll32.exe | rundll32.exe
PID 804 wrote to memory of 2264 | 804 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c23a36bf787b5def49e8f73386e08f314cbed86f24238d87e6ba7f9b5d327d9.dll,#1
- Suspicious use of WriteProcessMemory
PID: 804
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c23a36bf787b5def49e8f73386e08f314cbed86f24238d87e6ba7f9b5d327d9.dll,#1
    PID: 2264
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 624
        - Program crash
        PID: 3816
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2264 -ip 2264
PID: 2380