2cd82dab3db60ffbcaef80b1ea701d479a6c3e7810d251b0b6a17b628da9356a | Triage

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 03:41

Sharing

Report Analysis Logs

General

Target

26b507b3e65c5345a161552fbfd1b295.dll
Size

32KB
MD5

26b507b3e65c5345a161552fbfd1b295
SHA1

fc070554dea11068295f2c33d3c5955fe1b31a2d
SHA256

2cd82dab3db60ffbcaef80b1ea701d479a6c3e7810d251b0b6a17b628da9356a
SHA512

25c874a406620c0b0d336356c8c59fdbd68a277826c0bc409a934da322f6b68fc168dd4b1b6435602973b663e2108a0a3077ffbaec5053a36143864a012e6b9f
SSDEEP

768:cKGMhIFkHAoM7zympZ5hulCSeHsE19JMDR9gJyMt/:bGZ/y6Z5IlosE19JMDRbMt

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3536	5088	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 5088	5028	rundll32.exe	87
PID 5028 wrote to memory of 5088	5028	rundll32.exe	87
PID 5028 wrote to memory of 5088	5028	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26b507b3e65c5345a161552fbfd1b295.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\26b507b3e65c5345a161552fbfd1b295.dll,#1
  2⤵
  PID:5088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 592
    3⤵
    - Program crash
    PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5088 -ip 5088
1⤵
PID:4588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5088-0-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download