1566b9d322578f6f367ec174c6c137c0ac3fb99d7c1f412b9d850d4a82baf62a | Triage

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231130-en
resource tags

arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
submitted
11/12/2023, 05:28

Sharing

Report Analysis Logs

General

Target

LOL/lua51.dll
Size

22KB
MD5

e1ec4dffc4d737e6e87d797a96692b24
SHA1

256cfe42f6374ecbc7e8cad3b421bef5a6a98e06
SHA256

4c06c1fe4d85f014b03bca843137d387510bedd52e3ec755edee878e0fabcee9
SHA512

710c1349ed1f24e7e89b0b7905f91ab84c6208216a95a24cd26a38db6c8282d6545eab6a2e4389fffdd502bcc020089591b7921552683accbe57ff2da6d0b4b2
SSDEEP

384:Jn9ZPvqr0uzu8meYyOd8cqsT9QwHFYfKfG+imspsAfG+i+bSiBx:J+AuC8meYye8cqS9QyFYifjimwfji+bn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2024	2172	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2172	3032	rundll32.exe	28
PID 3032 wrote to memory of 2172	3032	rundll32.exe	28
PID 3032 wrote to memory of 2172	3032	rundll32.exe	28
PID 3032 wrote to memory of 2172	3032	rundll32.exe	28
PID 3032 wrote to memory of 2172	3032	rundll32.exe	28
PID 3032 wrote to memory of 2172	3032	rundll32.exe	28
PID 3032 wrote to memory of 2172	3032	rundll32.exe	28
PID 2172 wrote to memory of 2024	2172	rundll32.exe	29
PID 2172 wrote to memory of 2024	2172	rundll32.exe	29
PID 2172 wrote to memory of 2024	2172	rundll32.exe	29
PID 2172 wrote to memory of 2024	2172	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LOL\lua51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\LOL\lua51.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 224
    3⤵
    - Program crash
    PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads