e3d9eda72f79e53ebc77380a5996033ae48f6ecf7146892a05b60602470b0c69 | Triage

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 23:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

18ee4c63310ed3cfb84b6301106c7d3a.dll
Size

2KB
MD5

18ee4c63310ed3cfb84b6301106c7d3a
SHA1

fbd5d3a007bef0d0cc091e9b8880b74c5ed6de04
SHA256

e3d9eda72f79e53ebc77380a5996033ae48f6ecf7146892a05b60602470b0c69
SHA512

82aac0db66a921895e9ef054ca4ebd8d17c167aa54b0f94839c3840a6c609db8460b6cdfcdfe54b3b0e1fa461d1a3981e5a32881958a8120c2fc8205c45ac25b

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4576	2144	WerFault.exe	51

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2144	2432	rundll32.exe	51
PID 2432 wrote to memory of 2144	2432	rundll32.exe	51
PID 2432 wrote to memory of 2144	2432	rundll32.exe	51

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18ee4c63310ed3cfb84b6301106c7d3a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18ee4c63310ed3cfb84b6301106c7d3a.dll,#1
  2⤵
  PID:2144
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 548
    3⤵
    - Program crash
    PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2144 -ip 2144
1⤵
PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2144-0-0x0000000010000000-0x0000000010032000-memory.dmp

Filesize
200KB

Download