d1a4dc15a7396670b93d6a28ea2b3a54a8f19181aed1bbdb6ae1cbe28152c060 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09-01-2023 16:47

Sharing

Report Analysis Logs

General

Target

copillwonv/strapping.dll
Size

788KB
MD5

15dd0873cb6bef0c8e89a0319a202c3a
SHA1

6b49af73134d502d35d81cb978075761dc3b71fa
SHA256

180bc8d0f85146d6d16fa8079e38ca5e84756f1e201fc7259464addbaee15ff2
SHA512

3b1e4b176835eeae62e5ed4ac65b97e26b4471fba4aa0514c969fac8184fdcecaa82e7c9d286d9bec909bf72cce0c6cce6bfa6ec1a2adadb463a0584d6b8d200
SSDEEP

12288:EtsF8uXf3ER0+FFzy9SUa5Eorp//XyZXygB:l8qUR0+FFzvea//XywgB

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1960 836 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 836 wrote to memory of 1960	836	rundll32.exe	WerFault.exe
PID 836 wrote to memory of 1960	836	rundll32.exe	WerFault.exe
PID 836 wrote to memory of 1960	836	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\copillwonv\strapping.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 836 -s 92
  2⤵
  - Program crash
  PID:1960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1960-54-0x0000000000000000-mapping.dmp

Download