Analysis
max time kernel: 148s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-06-2024 06:33
Behavioral task: behavioral1
Sample: 618e80ad34695991b4507e9017db6a06655e77d617e4808f558295243f88e3c5.dll
Resource: win7-20240419-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 618e80ad34695991b4507e9017db6a06655e77d617e4808f558295243f88e3c5.dll
Resource: win10v2004-20240508-en
2 signatures
150 seconds
General
Target: 618e80ad34695991b4507e9017db6a06655e77d617e4808f558295243f88e3c5.dll
Size: 208KB
MD5: 050b0c7b6712055773d2bd913279c3eb
SHA1: 81d4825ecaece8e7ef7c24da070deb317742d976
SHA256: 618e80ad34695991b4507e9017db6a06655e77d617e4808f558295243f88e3c5
SHA512: e1016f079b00b388ee5d394cd63c0bb32b435af3b45782621d6c014408b0cd02f58d649140c0b4997268c74d897de0d13b48277a882ae61d0a10bafbf7784195
SSDEEP: 3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUwY5c:LIDff9D8C6XYRw6MT2DEj
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid   pid_target  process       target process
3972  960         WerFault.exe  rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                          pid   process       target process
PID 3544 wrote to memory of 960      3544  rundll32.exe  rundll32.exe
PID 3544 wrote to memory of 960      3544  rundll32.exe  rundll32.exe
PID 3544 wrote to memory of 960      3544  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\618e80ad34695991b4507e9017db6a06655e77d617e4808f558295243f88e3c5.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\618e80ad34695991b4507e9017db6a06655e77d617e4808f558295243f88e3c5.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 640
    - Program crash
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 960 -ip 960