61c1d9c410d3128276e10ffed5caf9c53c62fc91b2d4cb175a9af41c907f0764

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
04-09-2023 15:59

Target

2023-08-23_535ca62f8774e763efd9168a3877b3cc_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Size

203KB
MD5

535ca62f8774e763efd9168a3877b3cc
SHA1

e147f55995e459acaba97a7db939ab57ea26eda3
SHA256

61c1d9c410d3128276e10ffed5caf9c53c62fc91b2d4cb175a9af41c907f0764
SHA512

cc8a95260e72b93cc2303eb89dc14aa0f86d71fabc7bc0597229a1b905a811884b851a94ee2be789ee718dd01072e0c167e1c1c0b119204f92ebc99e21ac93bb
SSDEEP

3072:PYaW8qUEflaASmkDs1oo8CUS5D+u73vqQ+z+F62hAxquMfgj5jdUO5YK:PFHEfoAaDQoo8CUwxTvhU+F66fgVj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2724 2696 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2724	2696	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2408 wrote to memory of 2696	2408	rundll32.exe	rundll32.exe
PID 2408 wrote to memory of 2696	2408	rundll32.exe	rundll32.exe
PID 2408 wrote to memory of 2696	2408	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-23_535ca62f8774e763efd9168a3877b3cc_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-23_535ca62f8774e763efd9168a3877b3cc_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
2⤵
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 632
3⤵
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2696 -ip 2696
1⤵
PID:1308