Analysis
max time kernel: 119s
max time network: 119s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 18:39
Static task: static1
Behavioral task: behavioral1
Sample: 213346f53036ff7d04e1074c0e716f18425a109ecc8526e48364f38c7bdd153e.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 213346f53036ff7d04e1074c0e716f18425a109ecc8526e48364f38c7bdd153e.dll
Resource: win10v2004-20240611-en
General
Target: 213346f53036ff7d04e1074c0e716f18425a109ecc8526e48364f38c7bdd153e.dll
Size: 21KB
MD5: eb862478c80e6c8667313505f3473785
SHA1: e8575945a40d7e4a4c21888bb9c5972d5a7a8f52
SHA256: 213346f53036ff7d04e1074c0e716f18425a109ecc8526e48364f38c7bdd153e
SHA512: 6aac7f1c5a069027607665afd906c7e46484f38b9995ada0ea20f608fddcdc69036b0d65ab3ace1c90d8a8dbc46da184f50d210c1d2c52705f16ee039d1a4bd0
SSDEEP: 384:SLnYq9+U5DrTE3gflV0Cs2lbiUPXhkZi4VNxtgqjAIqj5qjNqjaJlplpjpKtU:0VIUQGlfPUNxyqjAIqj5qjNqjQzRKm
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1232 wrote to memory of 2116 | 1232 | rundll32.exe | WerFault.exe
PID 1232 wrote to memory of 2116 | 1232 | rundll32.exe | WerFault.exe
PID 1232 wrote to memory of 2116 | 1232 | rundll32.exe | WerFault.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\213346f53036ff7d04e1074c0e716f18425a109ecc8526e48364f38c7bdd153e.dll,#11⤵
Suspicious use of WriteProcessMemory
PID: 1232
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1232 -s 802⤵
PID: 2116