9239931f6208be5b6e934b6aad575952f28cf90eb8887d9c09c8014f374c0619 | Triage

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-09-2022 03:35

Sharing

Report Analysis Logs

General

Target

GamePlugin.dll
Size

2.9MB
MD5

651a491c8a0e82f8f9c445de25d94ea7
SHA1

da9c800e0b59a0b2065caad718d99156692c1cb1
SHA256

909d7e8d7764e3cf8864e167589dcccaac24fa51a1104d5cd698c4a861e251c5
SHA512

425a49b39a4aa09fa55781dfda5e3406cddf80c765c8d3dd1f76b180d269d70d33fe6dd6d1000964cd484d69d7dcf4f979f84e7b702bfcc3c9cf53751086a1d3
SSDEEP

49152:OBLGnxELQe7Bb5vZ3mfGsiWlE5TtIMdKoh+P8zyDLL2DA+X5f2Braj1Lnt:wLGmLVmM4waiR

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1804	1932	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1932 wrote to memory of 1804	1932	rundll32.exe	28
PID 1932 wrote to memory of 1804	1932	rundll32.exe	28
PID 1932 wrote to memory of 1804	1932	rundll32.exe	28
PID 1932 wrote to memory of 1804	1932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GamePlugin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\GamePlugin.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 364
    3⤵
    - Program crash
    PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-55-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download