0923d870f09dd954daef29544c8a7d0670a2a9d931d4f40bef17567618d2fee7 | Triage

Analysis

max time kernel
90s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20220812-es
resource tags

arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
11/01/2023, 17:21

Sharing

Report Analysis Logs

General

Target

ReShade64.dll
Size

3.2MB
MD5

e04a8e027b6605bd235250daa1ac9a30
SHA1

8da0985e3368fceaf02c46b5bee6fe46c4d28612
SHA256

28205140b368210fafc64f96aea135d9f3a27ba45ab5a33cc1926750643cfa47
SHA512

f0623b0165716a6409e770f1df0fb205aec0fdf7638aec388c1993f42171da0f96195fc765deeaf70acf60e967c69cfdc7a9552b7c31bcdb2e4aa883875549c8
SSDEEP

49152:wcmWV89dMmvDkBYTyGzJAVp/KyQOBOXxW7BvwIdmr6nTjzzKuJc:hmvDsGuVEQBOMRVUR

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3412	1000	WerFault.exe	77

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1000	rundll32.exe
1000	rundll32.exe
1000	rundll32.exe
1000	rundll32.exe
1000	rundll32.exe
1000	rundll32.exe
1000	rundll32.exe
1000	rundll32.exe
1000	rundll32.exe
1000	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ReShade64.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1000
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1000 -s 352
  2⤵
  - Program crash
  PID:3412

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 432 -p 1000 -ip 1000
1⤵
PID:4832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads