2618c36d81bc29b3a3c679e61c7d8499305862bc97e961d0429b069d4e44b8fb | Triage

Analysis

max time kernel
195s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16/04/2023, 18:30

Sharing

Report Analysis Logs

General

Target

api-ms-win-power-setting-l1-1-0.dll
Size

64KB
MD5

da3d6b8a88dcc17148faf83eb7d6e896
SHA1

f1b874f04f29ae87be17bf4dc9b7f0a3b9983936
SHA256

2618c36d81bc29b3a3c679e61c7d8499305862bc97e961d0429b069d4e44b8fb
SHA512

94cf440265d488c981734ff7a27da0b34e803ace90153bd83a54b1db411ea7daf633f18e439b0ef91d891cd982670c4036b84672dfc1284fbbe5a148a1a793b6
SSDEEP

192:IBeoV/dCP9dRqedJBgZV4ClsZo5HrmqWZFIj99:I4omP5pCwGWFIj3

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1364	1636	WerFault.exe	17

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1364	1636	rundll32.exe	28
PID 1636 wrote to memory of 1364	1636	rundll32.exe	28
PID 1636 wrote to memory of 1364	1636	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-power-setting-l1-1-0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1636 -s 152
  2⤵
  - Program crash
  PID:1364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1636-54-0x000007FEFBD70000-0x000007FEFBD7F000-memory.dmp

Filesize
60KB

Download