054516ec9653a0216348890d953c7367e441ec56311163ffac63b5c849237afd | Triage

Analysis

max time kernel
53s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2023 12:55

Sharing

Report Analysis Logs

General

Target

libGLESv2.dll
Size

5.3MB
MD5

cc19a92c9fdcf1158e228748a36135ad
SHA1

8c222e460af14a7763a97b2138d7520006af7aa6
SHA256

3a812953dffd7e10605ec021138b947c214bb2c5b82f095318cc8160ed9f575c
SHA512

b4d358f1c0e593743dabc0ace710f6f965086ce09098cb41d88e403ffbb7a15f254fbecd42edbe6d163b73c7147aad058586911b6da64bee8a707694bb4d17c4
SSDEEP

98304:nzcp8YzTvlb06LHjhkbOQRgJ6ysDnkMjbnOWbSKw:nzcp8Y1bPLHjiRXDnPa

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4160	4824	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 4824	4292	rundll32.exe	81
PID 4292 wrote to memory of 4824	4292	rundll32.exe	81
PID 4292 wrote to memory of 4824	4292	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
  2⤵
  PID:4824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 588
    3⤵
    - Program crash
    PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4824 -ip 4824
1⤵
PID:1408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads