Analysis
- max time kernel: 146s
- max time network: 133s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-06-2024 21:34
Behavioral tasks
- behavioral1: Sample MyLink/MyLink.dll, Resource win7-20240611-en
- behavioral2: Sample MyLink/MyLink.dll, Resource win10v2004-20240611-en
- behavioral3: Sample MyLink/MyLink.exe, Resource win7-20240611-en
- behavioral4: Sample MyLink/MyLink.exe, Resource win10v2004-20240226-en
General
- Target: MyLink/MyLink.dll
- Size: 404KB
- MD5: 8a64a5a185ba4c5a40640467dc839f68
- SHA1: 47c3c088a3d2b31330a26b38956787982082bd73
- SHA256: 29645650fa2050b364405e787b94fb24d943558eb5eebf3a15c5f336c19f4c70
- SHA512: 188e492a8fc1a608e5bc321100c3fc5fe4ab60df7f68f71f5b5438996e4aeabb833033abff8e9523aa12e0cdc2d05ee122f9fb65922ddd2e13454ed4413738a4
- SSDEEP: 12288:tWAQoGCxqeu/JmO1Hg6nVfLoD83LlSC1Gdw:t9QoGIqRVgg1j3Jp
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid   pid_target  process       target process
  3916  1592        WerFault.exe  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                       pid   process       target process
  PID 2932 wrote to memory of 1592  2932  rundll32.exe  rundll32.exe
  PID 2932 wrote to memory of 1592  2932  rundll32.exe  rundll32.exe
  PID 2932 wrote to memory of 1592  2932  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MyLink\MyLink.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\MyLink\MyLink.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 600
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1592 -ip 1592