51c99f2acaed695722a40f35ebef989a5da966ed4b11c4e7087a895fc7f157a0 | Triage

Analysis

max time kernel
139s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 00:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1c9266e8cc936ec45c7b85f1afadb10a.dll
Size

132KB
MD5

1c9266e8cc936ec45c7b85f1afadb10a
SHA1

18a42958c3da4de57e0da3782ca9306c7f31decc
SHA256

51c99f2acaed695722a40f35ebef989a5da966ed4b11c4e7087a895fc7f157a0
SHA512

9477411ef837831073b74d23a9b909364826a44718746b313add1f9283c10b0c285b8f37f21e3a0dd9c7e8134fb95792266ea094ce5638a8e30b15a3b3cec1da
SSDEEP

3072:4k4R+qF7AZ0H73mIZ0r6EnCyoY8Xb8Y+o/:4vR+ahHbfy7/Yn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
456	4052	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 4052	1396	rundll32.exe	88
PID 1396 wrote to memory of 4052	1396	rundll32.exe	88
PID 1396 wrote to memory of 4052	1396	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c9266e8cc936ec45c7b85f1afadb10a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c9266e8cc936ec45c7b85f1afadb10a.dll,#1
  2⤵
  PID:4052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 568
    3⤵
    - Program crash
    PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4052 -ip 4052
1⤵
PID:4508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4052-0-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/4052-1-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download