ca910fcedc3dfb807b879c00fba1bc5a1cff9213e8480de6585288d060aaf646 | Triage

Resubmissions

01/02/2023, 11:42

230201-nt6pgseh8t 3

01/02/2023, 11:41

230201-ntewrsda73 1

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/02/2023, 11:42

Sharing

Report Analysis Logs

General

Target

x.dll
Size

700KB
MD5

4d850acb4e9c9231be7fc41e7ef3194a
SHA1

dea568317bab21e0c1b17c0814722a905c6ca718
SHA256

ca910fcedc3dfb807b879c00fba1bc5a1cff9213e8480de6585288d060aaf646
SHA512

d3e96d84b8c877b9107517e463751e41094bc9a4d51edff7a451b2e2000c4cb3b2ed5376357251fc1b9cfed25d9dfdbcf3c315aff9967fb6b6d87713244001b0
SSDEEP

12288:4qwFxm3G6H4RyuHbR1MxnuTV/iV1Sd/NzQNfy:lwFxm3G6H4IuHbR1MxnuTV/iV1QmNf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
984	1080	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 1080	1160	rundll32.exe	27
PID 1160 wrote to memory of 1080	1160	rundll32.exe	27
PID 1160 wrote to memory of 1080	1160	rundll32.exe	27
PID 1160 wrote to memory of 1080	1160	rundll32.exe	27
PID 1160 wrote to memory of 1080	1160	rundll32.exe	27
PID 1160 wrote to memory of 1080	1160	rundll32.exe	27
PID 1160 wrote to memory of 1080	1160	rundll32.exe	27
PID 1080 wrote to memory of 984	1080	rundll32.exe	28
PID 1080 wrote to memory of 984	1080	rundll32.exe	28
PID 1080 wrote to memory of 984	1080	rundll32.exe	28
PID 1080 wrote to memory of 984	1080	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\x.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\x.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 228
    3⤵
    - Program crash
    PID:984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1080-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download