00c677f00271c62b827d1164620fde0d9a7ff7c60dec020a7bf476fa8f40e228 | Triage

Analysis

max time kernel
241s
max time network
239s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 13:11

Sharing

Report Analysis Logs

General

Target

seeex/896.dd.02b96000_5c00.dll
Size

23KB
MD5

9f944e42fe6f45472d52f4f2115c4fbe
SHA1

eb355667980628750ed008a00d3c03dd9f9e6fcb
SHA256

3a499d602c1585e5a23d65a3b01c9c597bd3f45bb2a44fa879c63f903cd86cbb
SHA512

4c442196edcc384249c76c4f727bc70eeabe908c56a2b239eb25eec25c80d0a29ba4fb78bf34f639194b5f822f6f5607ee017b90848dc236507bc90aab83bc58
SSDEEP

384:tYYekYHoPdlfepEGBS7lsXhQbNj4p0do:tikCcdloS7OxQbN2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4576 wrote to memory of 4432	4576	rundll32.exe	WerFault.exe
PID 4576 wrote to memory of 4432	4576	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\seeex\896.dd.02b96000_5c00.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4576

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4576 -s 240
2⤵
PID:4432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...