ed5ca12fbf7cfc3e3a98e31f2b311e20b2c34d06e6e0a7d569666cb5ca01da8f | Triage

Analysis

max time kernel
39s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
08-02-2023 09:51

Sharing

Report Analysis Logs

General

Target

amtlib_v10.0.0.221.dll
Size

2.9MB
MD5

b6e4b49463a79182c790d8cb654dd6e4
SHA1

440fb487390618541faeb99809eb3c6e87afce67
SHA256

ed5ca12fbf7cfc3e3a98e31f2b311e20b2c34d06e6e0a7d569666cb5ca01da8f
SHA512

08c7bff53d18756a178cdfbbd17360db20269cae854dc28a9a5e5f87d608390577624329af0d1d0ba1ee26f4f30a871692a89e085fa236efda0b749e5ad9619c
SSDEEP

49152:SUpAvB58NiecafyaC2CJtPp/DhHOw5C2RubhI:7YMzctxJb79OrG

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2020	872	WerFault.exe	21

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 2020	872	rundll32.exe	28
PID 872 wrote to memory of 2020	872	rundll32.exe	28
PID 872 wrote to memory of 2020	872	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\amtlib_v10.0.0.221.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 872 -s 184
  2⤵
  - Program crash
  PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads