9877f703ce3fb9669d656d24726159b616b2df25522225bf41bfafe89954c58a | Triage

Analysis

max time kernel
135s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2023, 07:48

Sharing

Report Analysis Logs

General

Target

test.dll
Size

966KB
MD5

1aa2fb5e420379a7a50cd650232c6a08
SHA1

e9bb12599f60032a160a00a04203bd73680940cd
SHA256

9877f703ce3fb9669d656d24726159b616b2df25522225bf41bfafe89954c58a
SHA512

f908c146cc7299815424debe4d40643864ce442eb30adf148ce05dc2f48e8a9db0697943af55b1c5260f5341ebce57cd804a7b19e71b66510bac085a3f800a59
SSDEEP

24576:FNtiWRtuKKPAq5NY6VxFKolweGUbqf9CTfO3eo2:FNttRtuKQ/V7cejNpo2

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4164	1244	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 1244	4504	rundll32.exe	85
PID 4504 wrote to memory of 1244	4504	rundll32.exe	85
PID 4504 wrote to memory of 1244	4504	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.dll,#1
  2⤵
  PID:1244
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 600
    3⤵
    - Program crash
    PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1244 -ip 1244
1⤵
PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads