Analysis
max time kernel: 92s
max time network: 102s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/05/2024, 11:40
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: InputInjectionBroker.dll
Resource: win10v2004-20240426-en
2 signatures
150 seconds
General
Target: InputInjectionBroker.dll
Size: 90KB
MD5: a262f5a3cf3031882599896e50b67c61
SHA1: 32e5d453e7838f90b827dba3aba4a52dccf504d2
SHA256: 166ed6c94f01ee08d01e5157d2e8bca8488c9367c45971965e185138d7cb19bd
SHA512: 206bfe9d5d4e6fceb66db6e5c6052ea6b088acd23e615a8d7e62b46a5cb5d7c62a168c0d288070d0b01d0ea8b1228b524a731548629f89f509dbefd47145b3a6
SSDEEP: 1536:rYCwPQ+Yqw6qQmREBOw5LNGP0Ba+SFXH8pbLnYAMiW5Kqz+Jl4Gij:R+66qQmRE8w55YTrd8RLnfMigKqCrB
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid   pid_target  Process       procid_target
5036  1568        WerFault.exe  81

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 1240 wrote to memory of 1568  1240  rundll32.exe  81
PID 1240 wrote to memory of 1568  1240  rundll32.exe  81
PID 1240 wrote to memory of 1568  1240  rundll32.exe  81
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\InputInjectionBroker.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1240
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\InputInjectionBroker.dll,#1
    PID: 1568
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 612
      Program crash
      PID: 5036
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1568 -ip 1568
  PID: 3276