4a8862d41d74bb81df8aaad2664922e2afc22b0cbfe682894441f7ddbf07f30a

Analysis

max time kernel
140s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2023 11:33

Target

2023-08-23_d12d9bcdb6f25681c8b84907e440f5ab_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Size

203KB
MD5

d12d9bcdb6f25681c8b84907e440f5ab
SHA1

a83407324e2f5c70c7fb9e9c03869942bddc3b5f
SHA256

4a8862d41d74bb81df8aaad2664922e2afc22b0cbfe682894441f7ddbf07f30a
SHA512

02ae948f4744f22d0e9543b24774c5ff8bbd9f60e9d7f7f1debb1aa5ce051afbb4dc95340aa3428164a430fc448f11383f197b56a0b25edac2780de8f4603390
SSDEEP

3072:PYaW8qUEflaASmkDs1oo8CUS5D+u73vqQ+z+F62hAxquMfgj5jdUH57R:PFHEfoAaDQoo8CUwxTvhU+F66fgVj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4624 2156 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4624	2156	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3108 wrote to memory of 2156	3108	rundll32.exe	rundll32.exe
PID 3108 wrote to memory of 2156	3108	rundll32.exe	rundll32.exe
PID 3108 wrote to memory of 2156	3108	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-23_d12d9bcdb6f25681c8b84907e440f5ab_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-23_d12d9bcdb6f25681c8b84907e440f5ab_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
2⤵
PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 640
3⤵
- Program crash
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2156 -ip 2156
1⤵
PID:2608