70c62e0f2725a158d53c4fe2be205bb5ae07264a85af693741761e7fb7c8c521 | Triage

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2023, 19:40

Sharing

Report Analysis Logs

General

Target

mimilib.dll
Size

50KB
MD5

d0a1828f64842dde399244d604ceea24
SHA1

875ba476ec3424f6a16db57306bdb57166a3f1a4
SHA256

70c62e0f2725a158d53c4fe2be205bb5ae07264a85af693741761e7fb7c8c521
SHA512

f113b0ebec33c4ff48c38d2abbf40fa6027bf6b0dbb9f154161724a55ef4c52bfa4c0be765ed35ac9886ed77cb7b50352d63e10ebc19e417c667fe967d24005a
SSDEEP

1536:/djLFi3O7O8dgejilIn0eiToL7SPNXiFoL7SPQ:/AO7O86ejilInzicfSPNXiGfSPQ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4316	2576	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 2576	5068	rundll32.exe	82
PID 5068 wrote to memory of 2576	5068	rundll32.exe	82
PID 5068 wrote to memory of 2576	5068	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\mimilib.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mimilib.dll,#1
  2⤵
  PID:2576
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 624
    3⤵
    - Program crash
    PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2576 -ip 2576
1⤵
PID:4588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads