b122fcf8be633245b36f8cc864bc115b0f9aaa06486e16dd620333c88cfbf1b3 | Triage

Resubmissions

14-02-2023 14:22

230214-rpvyzaea55 10

14-02-2023 14:18

230214-rmqlgadd6s 3

Analysis

max time kernel
575s
max time network
511s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2023 14:22

Sharing

Report Analysis Logs

General

Target

n4B82OsK.dll
Size

434KB
MD5

2349a28eb53ad73503e3396e1c8c723c
SHA1

aed38e62e119b6fdc7aecb5ddb726f35ccd07468
SHA256

b122fcf8be633245b36f8cc864bc115b0f9aaa06486e16dd620333c88cfbf1b3
SHA512

670b9a15f907413b92d11193b74f829d2d6782e239d9ef2e1aadf8ccbc290fdeace9ae57e7d2997d44d6a309a093419c2dd1bfc071bc3c74f2316dbadb83422c
SSDEEP

12288:rJZ701RXT1BaB4Irm8VGf9hyI8K9HGgnA:VZ701RXT1wB4Irz0f9hND

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4748 4880 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

rundll32.execmd.exe

description	pid	process	target process
PID 632 wrote to memory of 4880	632	rundll32.exe	rundll32.exe
PID 632 wrote to memory of 4880	632	rundll32.exe	rundll32.exe
PID 632 wrote to memory of 4880	632	rundll32.exe	rundll32.exe
PID 4344 wrote to memory of 4324	4344	cmd.exe	rundll32.exe
PID 4344 wrote to memory of 4324	4344	cmd.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\n4B82OsK.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:632

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\n4B82OsK.dll,#1
2⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 600
3⤵
- Program crash
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4880 -ip 4880
1⤵
PID:4816

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4344

\??\c:\Windows\System32\rundll32.exe
rundll32.exe c:\Users\Admin\AppData\Local\Temp\n4B82OsK.dll,Wind
2⤵
PID:4324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4324-133-0x0000000000000000-mapping.dmp

Download
memory/4880-132-0x0000000000000000-mapping.dmp

Download