f3ee0df460f1897cf08b9eed517ec0c42a4363a1337a290a78ccd47bcc7fb430 | Triage

Analysis

max time kernel
145s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 21:46

Sharing

Report Analysis Logs

General

Target

13a1ab62b6c0c163856538d395105fef.dll
Size

216KB
MD5

13a1ab62b6c0c163856538d395105fef
SHA1

189aaccc598356f144e080a49d63c14297be4ae7
SHA256

f3ee0df460f1897cf08b9eed517ec0c42a4363a1337a290a78ccd47bcc7fb430
SHA512

a1b420e799f539f8140bb06053eb0a6571d94fdc8959701c1130915c31c319513d718aae2e8d16db1389fa7441c3673a93c096a321d1e6f5d21ba7e746f8421e
SSDEEP

3072:KbGBGspQvNKRGCFOQ70d/SRY604pM2bi7l+St5RKo:KbCGspQMGCk1dJ+Y7lp

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4204	876	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 876	1676	rundll32.exe	14
PID 1676 wrote to memory of 876	1676	rundll32.exe	14
PID 1676 wrote to memory of 876	1676	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13a1ab62b6c0c163856538d395105fef.dll,#1
1⤵
PID:876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 592
  2⤵
  - Program crash
  PID:4204

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13a1ab62b6c0c163856538d395105fef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 876 -ip 876
1⤵
PID:3208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads