Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
21/03/2025, 09:01
Static task
static1
Behavioral task
behavioral1
Sample
fe6531d4c558468fd3ee617c93d14a1006af2c088d6fbc23c9660a77592e30ed.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fe6531d4c558468fd3ee617c93d14a1006af2c088d6fbc23c9660a77592e30ed.dll
Resource
win10v2004-20250314-en
General
-
Target
fe6531d4c558468fd3ee617c93d14a1006af2c088d6fbc23c9660a77592e30ed.dll
-
Size
473KB
-
MD5
87db44a4b6f66ede12c38f4cfdc53cfa
-
SHA1
dd660f3a830a403c450601a09abfdb8389bf2f32
-
SHA256
fe6531d4c558468fd3ee617c93d14a1006af2c088d6fbc23c9660a77592e30ed
-
SHA512
c635ee6b5745ba7929afa36d0464ed63fdf3444fbf028a15ece6f5a3358be95b600f54d051a2dca27ff2ce7a0469aa96d07fbda81f1ecb8bab8a14098007b81b
-
SSDEEP
12288:98VRHw8I16uB4U33kLiSJ14NECsPrMASVf:98fHwDRB4U33k31TCdVf
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1860 wrote to memory of 2388 | 1860 | rundll32.exe | 30
PID 1860 wrote to memory of 2388 | 1860 | rundll32.exe | 30
PID 1860 wrote to memory of 2388 | 1860 | rundll32.exe | 30
Processes
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe6531d4c558468fd3ee617c93d14a1006af2c088d6fbc23c9660a77592e30ed.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1860 -
C:\Windows\system32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1860 -s 802⤵ PID:2388
-