f366d535c63702f7412cfe4ec1c63edc3dd86c44f2d42ce9e6cfd63cec78d930 | Triage

Analysis

max time kernel
139s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 11:44

Sharing

Report Analysis Logs

General

Target

WCUtil.dll
Size

180KB
MD5

c96b50cd072d1d1a556051adce915c73
SHA1

84d7c53e64c9b3c900f78d0749196f5c61c78e25
SHA256

f366d535c63702f7412cfe4ec1c63edc3dd86c44f2d42ce9e6cfd63cec78d930
SHA512

a1d4ba93d8963b6c7c758eeb97184828d484e48c9ee7c422050cda98d4d61474985e93e50d67a99dbc5d7a715a1b30a1cda7fbb7a14328da4bed9e4d3f203cf8
SSDEEP

3072:I74+blpt+wsxMl1NqAc5iSttkClpelrlL3bVaKoXAxOPYe:I74elpowsxizqyStZlpel5jyAxOPF

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1912	1824	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 1824	1844	rundll32.exe	86
PID 1844 wrote to memory of 1824	1844	rundll32.exe	86
PID 1844 wrote to memory of 1824	1844	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\WCUtil.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\WCUtil.dll,#1
  2⤵
  PID:1824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 540
    3⤵
    - Program crash
    PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1824 -ip 1824
1⤵
PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads