Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 23-06-2024 23:22
Static task: static1
Behavioral task: behavioral1
Sample: 7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca.dll
Resource: win10v2004-20240508-en
General
Target: 7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca.dll
Size: 636KB
MD5: f9555f1a60106a41b9f527bf86bf2842
SHA1: 2cd758947132a2208101e86fac9478fce610813f
SHA256: 7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca
SHA512: 6f84708b1f9f8743f01e3a6a81f254988c2fc83c6ca33336a7a139e8a349f7a77182290038fafaff2fa3057f2e2fb5f09d53fc874985d242501471af5cd3fbce
SSDEEP: 6144:t87P/lGV9CrDE0UXLBdcbns5HKFygjCBGUhoO4jsRiljfNtoS9YiUyx1NKOEqcYt:t8DlGV4rDE0UXLUb8gjCBGXRNthbD1c
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 2932 wrote to memory of 3024   2932   rundll32.exe   28
PID 2932 wrote to memory of 3024   2932   rundll32.exe   28
PID 2932 wrote to memory of 3024   2932   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2932
  C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2932 -s 120
    PID: 3024