Analysis
max time kernel
92s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted
28-06-2024 10:25
Behavioral task
behavioral1
Sample
80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf.dll
Resource
win7-20240611-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf.dll
Resource
win10v2004-20240508-en
2 signatures
150 seconds
General
-
Target
80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf.dll
-
Size
242KB
-
MD5
147d2008d5152c7efcac9fea16cad4a3
-
SHA1
9eda9cacafd8109b1208fd3812e4dc31622728dd
-
SHA256
80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf
-
SHA512
6522507c7293c1733a5779275296806d42d180bd2f1fb742ecd202f1fc360c27b6cdb8a411e2860920b555d3598af29b82a94df8b25a152c91a9f7fc30cb83d6
-
SSDEEP
3072:1mkH4V2aLdAJJ5WcZW4TH25KXs8o66yWpQJU6fUzpqtcWGQT0Jkegj9Uwb549Xbu:Ykvae5Wck4CAal6U6MzJk7j1iaRH
Score
3/10
Malware Config
Signatures
- Program crash 1 IoCs
  Processes: WerFault.exe
  pid | pid_target | process | target process
  400 | 5108 | WerFault.exe | rundll32.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3080 wrote to memory of 5108 | 3080 | rundll32.exe | rundll32.exe
  PID 3080 wrote to memory of 5108 | 3080 | rundll32.exe | rundll32.exe
  PID 3080 wrote to memory of 5108 | 3080 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 632
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5108 -ip 5108