6566596440fea122c3700cb59050ae2000621d85a7616e441b972e9c15d48d3f | Triage

Analysis

max time kernel
142s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 13:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Trojan-Ransom.Win32.Cidox.dll
Size

42KB
MD5

d6a3882f425bb4c68d8c173520b9147b
SHA1

1f9fe69eb6e3d8e2f62c82d21e93f17659d49ed2
SHA256

6566596440fea122c3700cb59050ae2000621d85a7616e441b972e9c15d48d3f
SHA512

24a5d55dac78b881044229d3e1f7ed9adec9a2aac028adb4ce0f48414f8998b45f0c653f67c8216fbb4376cb9484f84db53b43addd1900eee8600a7c0f9170a7
SSDEEP

768:/jqNLi1K/X23ezBxYdZOo55L92k1/+SJOydXm1o9Iv:/jCLi1OXpjYeg5L9V1/+6h2o2

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3516	3584	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 3584	2640	rundll32.exe	81
PID 2640 wrote to memory of 3584	2640	rundll32.exe	81
PID 2640 wrote to memory of 3584	2640	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Cidox.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Cidox.dll,#1
  2⤵
  PID:3584
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 664
    3⤵
    - Program crash
    PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3584 -ip 3584
1⤵
PID:4952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3584-133-0x00000000028B0000-0x0000000002986000-memory.dmp

Filesize
856KB

Download
memory/3584-134-0x00000000028B0000-0x0000000002986000-memory.dmp

Filesize
856KB

Download