96b313f37530f76b9ed888e9f796c4bc476aa46d6995318ad24ddf7633265e9e | Triage

Analysis

max time kernel
192s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 13:29

Sharing

Report Analysis Logs

General

Target

7288d68b6ca96c207603106735df270f.dll
Size

42KB
MD5

7288d68b6ca96c207603106735df270f
SHA1

6619e2c3dfb864b394ccd94c079b393aa2258ecc
SHA256

96b313f37530f76b9ed888e9f796c4bc476aa46d6995318ad24ddf7633265e9e
SHA512

60d3487ac23303272346eec8751f75aa5ad92742dfa0b9109f971334a52fb8c1db024e6f0ebb6489854dac7ce397a563512b79e783713806d296bed9354b0198
SSDEEP

768:7wlgrXCa2eysN4rjBnGLIfqhohqAbdyLb1o9yia:jr/2wN4NG0SChXb81oYi

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2956	4948	WerFault.exe	90

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 4948	5116	rundll32.exe	90
PID 5116 wrote to memory of 4948	5116	rundll32.exe	90
PID 5116 wrote to memory of 4948	5116	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7288d68b6ca96c207603106735df270f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7288d68b6ca96c207603106735df270f.dll,#1
  2⤵
  PID:4948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 860
    3⤵
    - Program crash
    PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4948 -ip 4948
1⤵
PID:3824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4948-0-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

Filesize
4KB

Download
memory/4948-1-0x0000000002860000-0x0000000002936000-memory.dmp

Filesize
856KB

Download
memory/4948-2-0x0000000002860000-0x0000000002936000-memory.dmp

Filesize
856KB

Download