Analysis
max time kernel: 14s
max time network: 18s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 26-11-2024 07:13
Behavioral task: behavioral1
Sample: b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45N.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45N.dll
Resource: win10v2004-20241007-en
General
Target: b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45N.dll
Size: 304KB
MD5: f4aec990ae46a6443ef7348de73035d0
SHA1: 4556bf2ff9d76febce758cae54ee0f836e8d5260
SHA256: b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45
SHA512: cabd7605613e01e9595ab18a5f6e4f66c44c4323620817de19e045e9274b46191b976cb8368da4cbe3b00c40e8fd98db5b99ae076d0d6107a07ef1543f30de74
SSDEEP: 3072:TJwpS2NACV4qAbypuljJGnJYoTjqETdtbsnOfFwXVa/eSbVjYJBaXM6ENeHnaH:TJwpYVNcn3pTdNe+WXViBjBNH
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | Process | procid_target
PID 2336 wrote to memory of 1948 | 2336 | rundll32.exe | 30
PID 2336 wrote to memory of 1948 | 2336 | rundll32.exe | 30
PID 2336 wrote to memory of 1948 | 2336 | rundll32.exe | 30
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45N.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2336
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2336 -s 522
PID: 1948