Analysis

max time kernel: 143s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 04:02
Static task: static1

Behavioral task: behavioral1
Sample: 0b3b10b0c9aa58934750f7e5d8c6519eff1f0b64298b4e32c8db666f5a5e40ff.dll
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 0b3b10b0c9aa58934750f7e5d8c6519eff1f0b64298b4e32c8db666f5a5e40ff.dll
Resource: win10v2004-20240508-en
General

Target: 0b3b10b0c9aa58934750f7e5d8c6519eff1f0b64298b4e32c8db666f5a5e40ff.dll
Size: 477KB
MD5: 2173fb860c578c32e1ec380052b4c1aa
SHA1: 8428b52a1537ba7c85829e7dbd18828032c31e62
SHA256: 0b3b10b0c9aa58934750f7e5d8c6519eff1f0b64298b4e32c8db666f5a5e40ff
SHA512: eb513351c19b3a7f56185b02d9c373b4f1f579a115579bba0508a8c30014d302cbb7461c6ff2f723ffb6d0e469ce22e186cc3fea3f8785d3d158521f67d15fe2
SSDEEP: 6144:0wV0hh7Vo8qg93YEzND4NK+KpyBr22N7iWQThQyvtDPth8fGVUBtf:0V3qg93tzNDMvy4r22LWI7f
Malware Config

(none extracted)

Signatures

Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  4688  3068         WerFault.exe   90

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process        procid_target
  PID 3248 wrote to memory of 3068   3248  rundll32.exe   90
  PID 3248 wrote to memory of 3068   3248  rundll32.exe   90
  PID 3248 wrote to memory of 3068   3248  rundll32.exe   90
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3b10b0c9aa58934750f7e5d8c6519eff1f0b64298b4e32c8db666f5a5e40ff.dll,#1
  PID: 3248
  Signatures: Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3b10b0c9aa58934750f7e5d8c6519eff1f0b64298b4e32c8db666f5a5e40ff.dll,#1
    PID: 3068

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 632
      PID: 4688
      Signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3068 -ip 3068
  PID: 2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
  PID: 1336