53b4bb77726d8f6074d984dbc2a07e2b74bc12fbd2d067515d84941ae13a9cab | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 03:54

Sharing

Report Analysis Logs

General

Target

00031400.dll
Size

19KB
MD5

18198066a2916092a76215b96abe835b
SHA1

498e8abcd7756a84720cde8d13789a3268607920
SHA256

55b74201cb2f887b3a852a0fa46fefe493d1d71114cd8dc68b26bab87ffd36bb
SHA512

05af7e7ab0ee3f0e7911a7a28ec6dd0023299171d09d4a1099229a2c29110b0b584c005217d98d3f06a01ea00a499af68fbe6c7cb6f53649e07d108c726c39f1
SSDEEP

192:mTIy6k6ZmF7VDSAxRBAEw+6xAXHXWnXVRSSrc8SERvQFCZn3bCtXlqv8XX8RuuJ6:ms9mFebpuZT9

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1124 2092 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2984 wrote to memory of 2092	2984	rundll32.exe	rundll32.exe
PID 2984 wrote to memory of 2092	2984	rundll32.exe	rundll32.exe
PID 2984 wrote to memory of 2092	2984	rundll32.exe	rundll32.exe
PID 2984 wrote to memory of 2092	2984	rundll32.exe	rundll32.exe
PID 2984 wrote to memory of 2092	2984	rundll32.exe	rundll32.exe
PID 2984 wrote to memory of 2092	2984	rundll32.exe	rundll32.exe
PID 2984 wrote to memory of 2092	2984	rundll32.exe	rundll32.exe
PID 2092 wrote to memory of 1124	2092	rundll32.exe	WerFault.exe
PID 2092 wrote to memory of 1124	2092	rundll32.exe	WerFault.exe
PID 2092 wrote to memory of 1124	2092	rundll32.exe	WerFault.exe
PID 2092 wrote to memory of 1124	2092	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\00031400.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2984

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\00031400.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 192
3⤵
- Program crash
PID:1124

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...