786fad562d1386bbbf106527aa598be15900c90fa8d0d7b979fb73343283d40c | Triage

Analysis

max time kernel
132s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:41

Sharing

Report Analysis Logs

General

Target

513b0537f026d86811a2bcd45cd9922f.dll
Size

219KB
MD5

513b0537f026d86811a2bcd45cd9922f
SHA1

11a2b95e340cd061422c3b35dbbdd06b9e493f96
SHA256

786fad562d1386bbbf106527aa598be15900c90fa8d0d7b979fb73343283d40c
SHA512

a53a706e1dde3f2e4275136820ff6659d80ce170587fa3c3f79cefc16dbcc41b03cad79b627cf167be761598067763af1c56d3d4cabf3474866978c97e838c05
SSDEEP

6144:tSk3LkwzFFFGQx3F2S8GRBJ6VcSRnmQoHJUv:tSdsFFJ05U6V/RnPopU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 2716	3432	rundll32.exe	90
PID 3432 wrote to memory of 2716	3432	rundll32.exe	90
PID 3432 wrote to memory of 2716	3432	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\513b0537f026d86811a2bcd45cd9922f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\513b0537f026d86811a2bcd45cd9922f.dll,#1
  2⤵
  PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2716 -ip 2716
1⤵
PID:5028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads