0f9d29c5aba9b7cc04acc5d678ebed5f7f34c175fa723f9a2e39570d83eb0187 | Triage

Analysis

max time kernel
106s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2023, 11:24

Sharing

Report Analysis Logs

General

Target

unhandled.dat.dll
Size

760KB
MD5

5f37a24c00956cc3a84cbacfcff51b89
SHA1

17e656581da4999e47743bd3acde82c70a92d431
SHA256

0f9d29c5aba9b7cc04acc5d678ebed5f7f34c175fa723f9a2e39570d83eb0187
SHA512

454f69515bfa21f23d1f03570b8692e52deaa63320c776b89e285ac0b8b38479e8bcbfb97caf1dc9f03e540bb97fef5ff86256932b816add0c191f670371252a
SSDEEP

12288:IvXYcP7kXn89DhAw1SUN3RFEycMFSDXxqEbfTMvFqKHOw3K0ch:GvTkXnyDyORDccmEs7Mtq5v0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4852	2968	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2968	2080	rundll32.exe	85
PID 2080 wrote to memory of 2968	2080	rundll32.exe	85
PID 2080 wrote to memory of 2968	2080	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\unhandled.dat.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\unhandled.dat.dll,#1
  2⤵
  PID:2968
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 600
    3⤵
    - Program crash
    PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 2968 -ip 2968
1⤵
PID:4100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads