e85ee4cf3127c06aadafd5ebe8b9e201fba8cf631b6fcbcceee34b9f3c1ac0b8 | Triage

Analysis

max time kernel
147s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 18:10

Sharing

Report Analysis Logs

General

Target

001bb4eb45b8ca991623bd1591eaf975.dll
Size

205KB
MD5

001bb4eb45b8ca991623bd1591eaf975
SHA1

2e8885971ff2b0557fd77af4feb0d43cadc66936
SHA256

e85ee4cf3127c06aadafd5ebe8b9e201fba8cf631b6fcbcceee34b9f3c1ac0b8
SHA512

7b47e15dbc13a486be3eb25f3379fcb6bc810a1c7d45cbd3982f8ec9c2db523cec7a6e5855b0d880c6b7176cf88472dfcd14cc51bd6479fcc4824393f6886892
SSDEEP

6144:i8D0fLejhyfFheiMP4jmLMO4pqEOc9YsbIoS:N0fIyfXe7PwRymRIoS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2044-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4808 2044 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4540 wrote to memory of 2044	4540	rundll32.exe	rundll32.exe
PID 4540 wrote to memory of 2044	4540	rundll32.exe	rundll32.exe
PID 4540 wrote to memory of 2044	4540	rundll32.exe	rundll32.exe

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\001bb4eb45b8ca991623bd1591eaf975.dll,#1
1⤵
PID:2044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 548
2⤵
- Program crash
PID:4808

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\001bb4eb45b8ca991623bd1591eaf975.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2044 -ip 2044
1⤵
PID:3916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-1-0x0000000000B10000-0x0000000000B24000-memory.dmp

Filesize
80KB

Download
memory/2044-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download