0c7efb95b83a40e60c5d614337e753bfa696b472ece810bf2f98c6299537ac7e | Triage

Analysis

max time kernel
169s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 16:06

Sharing

Report Analysis Logs

General

Target

04e14b4d4f6cf5a81b3c2b12489b3574.dll
Size

580KB
MD5

04e14b4d4f6cf5a81b3c2b12489b3574
SHA1

f905bed4a23c7cbfdce25494620aec268353910d
SHA256

0c7efb95b83a40e60c5d614337e753bfa696b472ece810bf2f98c6299537ac7e
SHA512

3acbcc3ed55ace7e900cfb07d098248c7e5f1ee2e27bc85f2e0d845bc06702cef90011ea6f86017808753ddc13a8397ab6d676be9fa78ef2a3af8afd3c9921a8
SSDEEP

12288:nP1o2Fvn5WFHAiBY16LUizvAgxnnumXSAAbR5:P1PnQFU6LUizA0numX5Abf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4608	5052	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 5052	1600	rundll32.exe	88
PID 1600 wrote to memory of 5052	1600	rundll32.exe	88
PID 1600 wrote to memory of 5052	1600	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04e14b4d4f6cf5a81b3c2b12489b3574.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04e14b4d4f6cf5a81b3c2b12489b3574.dll,#1
  2⤵
  PID:5052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 672
    3⤵
    - Program crash
    PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5052 -ip 5052
1⤵
PID:4424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5052-0-0x00000000027A0000-0x0000000002824000-memory.dmp

Filesize
528KB

Download