e198d553f52a82951f97cee56c56b5fae7ef02658b846d203a95bc5d08405476 | Triage

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 14:37

Sharing

Report Analysis Logs

General

Target

017e0d7ec53c3310a2529c5bb7bf878c.dll
Size

2KB
MD5

017e0d7ec53c3310a2529c5bb7bf878c
SHA1

3377a01e8ed548d305f98e32d1e2644cf043dec3
SHA256

e198d553f52a82951f97cee56c56b5fae7ef02658b846d203a95bc5d08405476
SHA512

f9150b95689c78e624440ee17fb14a761f0dce1326e8b086e63415875a5bdf3550772d963855ee55fe400a5bd4ec0afc96995fc8941fffcc7474bc4360e9dbae

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4304	1092	WerFault.exe	18

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 984 wrote to memory of 1092	984	rundll32.exe	18
PID 984 wrote to memory of 1092	984	rundll32.exe	18
PID 984 wrote to memory of 1092	984	rundll32.exe	18

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\017e0d7ec53c3310a2529c5bb7bf878c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\017e0d7ec53c3310a2529c5bb7bf878c.dll,#1
  2⤵
  PID:1092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 560
    3⤵
    - Program crash
    PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1092 -ip 1092
1⤵
PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1092-0-0x0000000010000000-0x0000000010032000-memory.dmp

Filesize
200KB

Download