114aba326c9362eb17f60ce0e78fb2799cf78a1d6021b58db2ecd8c831b463a7 | Triage

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 15:47

Sharing

Report Analysis Logs

General

Target

7a10f16175d3a9b12362e456abd4a2b9.dll
Size

42KB
MD5

7a10f16175d3a9b12362e456abd4a2b9
SHA1

a4fbe0a95cf1b087f1fc01dab638b8725f92fca2
SHA256

114aba326c9362eb17f60ce0e78fb2799cf78a1d6021b58db2ecd8c831b463a7
SHA512

551de3ac2b55040aece89f4b4a2fdcf9f2f6f90c308736b5bc2c952f90f45431c57ae5aba4f0f243cc4800dc3df871d83e8d1bd51d33c9fe98fba15001e1d0a4
SSDEEP

768:kzCmFnE9xcEV+Mlsa2k1/+SJOydXm1o9Iv:kumnE9x/+Ml5V1/+6h2o2

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5056	4484	WerFault.exe	91

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 4484	3924	rundll32.exe	91
PID 3924 wrote to memory of 4484	3924	rundll32.exe	91
PID 3924 wrote to memory of 4484	3924	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a10f16175d3a9b12362e456abd4a2b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a10f16175d3a9b12362e456abd4a2b9.dll,#1
  2⤵
  PID:4484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 796
    3⤵
    - Program crash
    PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4484 -ip 4484
1⤵
PID:672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4484-0-0x0000000001420000-0x0000000001421000-memory.dmp

Filesize
4KB

Download
memory/4484-1-0x0000000002E80000-0x0000000002F56000-memory.dmp

Filesize
856KB

Download
memory/4484-2-0x0000000002E80000-0x0000000002F56000-memory.dmp

Filesize
856KB

Download