1566b9d322578f6f367ec174c6c137c0ac3fb99d7c1f412b9d850d4a82baf62a | Triage

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2023, 05:28

Sharing

Report Analysis Logs

General

Target

LOL/lua51.dll
Size

22KB
MD5

e1ec4dffc4d737e6e87d797a96692b24
SHA1

256cfe42f6374ecbc7e8cad3b421bef5a6a98e06
SHA256

4c06c1fe4d85f014b03bca843137d387510bedd52e3ec755edee878e0fabcee9
SHA512

710c1349ed1f24e7e89b0b7905f91ab84c6208216a95a24cd26a38db6c8282d6545eab6a2e4389fffdd502bcc020089591b7921552683accbe57ff2da6d0b4b2
SSDEEP

384:Jn9ZPvqr0uzu8meYyOd8cqsT9QwHFYfKfG+imspsAfG+i+bSiBx:J+AuC8meYye8cqS9QyFYifjimwfji+bn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1656	3340	WerFault.exe	90

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 3340	3124	rundll32.exe	90
PID 3124 wrote to memory of 3340	3124	rundll32.exe	90
PID 3124 wrote to memory of 3340	3124	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LOL\lua51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\LOL\lua51.dll,#1
  2⤵
  PID:3340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 604
    3⤵
    - Program crash
    PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3340 -ip 3340
1⤵
PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads