Analysis
max time kernel: 93s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-05-2024 12:07
Behavioral task: behavioral1
Sample: 94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d.dll
Resource: win10v2004-20240426-en
General
Target: 94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d.dll
Size: 205KB
MD5: 4b2a6d3194386cafefc4241abad66520
SHA1: 1f7c4b5ca6606df23a848fae68890954cd198894
SHA256: 94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d
SHA512: c622a1f6f443769a45fda5ddb32baf40bcb3a2c54a71f5e2d29eec3b910b63355d94065177b98ab2de01b45bca744f1db1fd368a70ba1d1edc3b68e46631be25
SSDEEP: 3072:v/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUE5f5:v/MEfuN0t8C5oFsoeRM3o0jD
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid: 3488, pid_target: 3180, process: WerFault.exe, target process: rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description: PID 5084 wrote to memory of 3180, pid: 5084, process: rundll32.exe, target process: rundll32.exe
description: PID 5084 wrote to memory of 3180, pid: 5084, process: rundll32.exe, target process: rundll32.exe
description: PID 5084 wrote to memory of 3180, pid: 5084, process: rundll32.exe, target process: rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 632
    - Program crash
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3180 -ip 3180