f6e85a09d34fee8569e913af2a11addf2a6a640e22f2a92e691576bbc89de411 | Triage

Analysis

max time kernel
78s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2023 00:24

Sharing

Report Analysis Logs

General

Target

Undertale/lua5.1.dll
Size

322KB
MD5

c3f5f4a1fb69b5889f0bbb313cf6017f
SHA1

e4f592cfbd62a3c3caf27177ccea5a77afa649bb
SHA256

769416fa7edf38e91a55f4f7163914ee4aad9c8c890ed641c300b73157acac45
SHA512

e17d3be36fd2ba892d945f3737ebffdefe6d476224ef3459b567579971559a048a886941f57ae671b3df32844f99575a14c72ef8c49c2d4b1e8352204ccc05ab
SSDEEP

6144:+kn2LG5bwf92+0HiDhAqUS0aMkhwfDRAOj+JzOg7Fp:72x2cdUhZcIDR8xhp

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1400	4616	WerFault.exe	46

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 4616	4300	rundll32.exe	46
PID 4300 wrote to memory of 4616	4300	rundll32.exe	46
PID 4300 wrote to memory of 4616	4300	rundll32.exe	46

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Undertale\lua5.1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Undertale\lua5.1.dll,#1
  2⤵
  PID:4616
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 600
    3⤵
    - Program crash
    PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4616 -ip 4616
1⤵
PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads