975e29484b7352f00730ef3375a1a2e20b266908c9d3d687144b04fa9b347733

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
03-09-2023 15:26

Target

2023-08-23_10a52a9686c877dbc1f2e4e39055290a_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Size

208KB
MD5

10a52a9686c877dbc1f2e4e39055290a
SHA1

1c793f9bb60a1b2ea5307977b503cdf684294c10
SHA256

975e29484b7352f00730ef3375a1a2e20b266908c9d3d687144b04fa9b347733
SHA512

64b9a6eea43c97b4d0b40067f0a3fa56bd507fb8595cefd4ed158e0a48f7cc0179def7340a7fa29e5b8f45186ba62ef59613a6e6b633abec76c4956f4740d2d7
SSDEEP

3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUw1kY5k:LIDff9D8C6XYRw6MT2DEjD

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3908 2564 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3908	2564	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2616 wrote to memory of 2564	2616	rundll32.exe	rundll32.exe
PID 2616 wrote to memory of 2564	2616	rundll32.exe	rundll32.exe
PID 2616 wrote to memory of 2564	2616	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-23_10a52a9686c877dbc1f2e4e39055290a_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2616

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-23_10a52a9686c877dbc1f2e4e39055290a_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
2⤵
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 640
3⤵
- Program crash
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2564 -ip 2564
1⤵
PID:1704