0a06fb2cbb200a1ab76de4b4e5fe2284932b0c65707ab304921ea2d739ea90da | Triage

Analysis

max time kernel
66s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2023 22:59

Sharing

Report Analysis Logs

General

Target

LiveChartsCountries.dll
Size

59KB
MD5

740659d4411bcf877f27217a2710b874
SHA1

9df5c0d033e49026995e846fe27e1ab4955d43b1
SHA256

f6e951697226a85e8ad11578a20a0de8c1923afbc69dfce3f0e10ea823d54c1a
SHA512

96d810233dc40915d06c9adf6f49a62be8321a0ea6ace3c139922272dcf543e48b041b341694c126727e37e7a4ca1bd4ba7395ca18d998f629e87aa409c36b37
SSDEEP

1536:E3VBdmmdVR/GF3VZC/owI8bbS56VX1xPzSoE3xy:EFDht/GF3VZC/xdu6VlxPzhIxy

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2780 1292 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4684 wrote to memory of 1292	4684	rundll32.exe	rundll32.exe
PID 4684 wrote to memory of 1292	4684	rundll32.exe	rundll32.exe
PID 4684 wrote to memory of 1292	4684	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LiveChartsCountries.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\LiveChartsCountries.dll,#1
  2⤵
  PID:1292
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 1008
    3⤵
    - Program crash
    PID:2780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1292 -ip 1292
1⤵
PID:4908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-133-0x0000000002350000-0x0000000002360000-memory.dmp

Filesize
64KB

Download