5ec214ec9d1e2792eb71199f0e48a103cb721986348f7f1b6055eda38ff2d625 | Triage

Analysis

max time kernel
161s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
25/10/2023, 08:00 UTC

Sharing

Report Analysis Logs

General

Target

jli.dll
Size

10.6MB
MD5

22956039f6d451483dd19798cb9626c5
SHA1

07a9216385818b1c70e630518e7488a4bad0c836
SHA256

11d34ccf311799710f1cf4b6af95d01f7fd89d52acd40e163a1d9bb27ff45098
SHA512

d665b942d49759da1dd34bcba2ebe8350691be19d134b422bcf0b4409c02a4e90fdbe030f0d4af1be13466fc7b28a010eef5e8fae253d17b3e62d2d652c1cacd
SSDEEP

98304:ov7vNwagivQOMmP1npDYMe5bSewalZLCwpokCFCxJD9LK2:orSagiv7MmHDW5x

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1440	2744	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2744	1788	rundll32.exe	27
PID 1788 wrote to memory of 2744	1788	rundll32.exe	27
PID 1788 wrote to memory of 2744	1788	rundll32.exe	27
PID 1788 wrote to memory of 2744	1788	rundll32.exe	27
PID 1788 wrote to memory of 2744	1788	rundll32.exe	27
PID 1788 wrote to memory of 2744	1788	rundll32.exe	27
PID 1788 wrote to memory of 2744	1788	rundll32.exe	27
PID 2744 wrote to memory of 1440	2744	rundll32.exe	28
PID 2744 wrote to memory of 1440	2744	rundll32.exe	28
PID 2744 wrote to memory of 1440	2744	rundll32.exe	28
PID 2744 wrote to memory of 1440	2744	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\jli.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\jli.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 284
    3⤵
    - Program crash
    PID:1440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2744-0-0x0000000002050000-0x0000000002AFC000-memory.dmp

Filesize
10.7MB

Download
memory/2744-1-0x0000000002050000-0x0000000002AFC000-memory.dmp

Filesize
10.7MB

Download