a88567177e3adeebdced47347dab06098412ae2f1f6646a89826fee4fbe8ad98 | Triage

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 03:21

Sharing

Report Analysis Logs

General

Target

0ccd6cfebed9faf9b519df1e5515b956.dll
Size

60KB
MD5

0ccd6cfebed9faf9b519df1e5515b956
SHA1

84665be1d9ad226952f8f97cf78e8fc90d542acb
SHA256

a88567177e3adeebdced47347dab06098412ae2f1f6646a89826fee4fbe8ad98
SHA512

1d8ea473776cc8fc888b2fac743f2047962b1bc8684450a9e3ee09ea44727fbe690396188eb27e6b9878de57844c26bfe479c90284300d0b0f3688a856d3eff1
SSDEEP

1536:ZQdi1gpXXoq6uyVNtFNtkBaz90t9NAzlWWkQY:ZQdXpXXoK+NtbIDt9KRiQY

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
648	4544	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 4544	5040	rundll32.exe	88
PID 5040 wrote to memory of 4544	5040	rundll32.exe	88
PID 5040 wrote to memory of 4544	5040	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ccd6cfebed9faf9b519df1e5515b956.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ccd6cfebed9faf9b519df1e5515b956.dll,#1
  2⤵
  PID:4544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 580
    3⤵
    - Program crash
    PID:648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4544 -ip 4544
1⤵
PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4544-0-0x0000000002920000-0x00000000029AC000-memory.dmp

Filesize
560KB

Download