2e21aba77ad8fbac757b4da9b1265b86b43272a46adc63a14866fd5e53d64235 | Triage

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 05:20

Sharing

Report Analysis Logs

General

Target

29c4e2cae16d7fa73ba80730f4b83e75.dll
Size

26KB
MD5

29c4e2cae16d7fa73ba80730f4b83e75
SHA1

45adb0eeeb5787de8fad4c7c01d2bdf3e7d4370f
SHA256

2e21aba77ad8fbac757b4da9b1265b86b43272a46adc63a14866fd5e53d64235
SHA512

e179ab7d84fae361568f14b7b96160403a993591b4c5b934a5752ee61c776fe75e4862976b9e66cc799ce2b12da1bfe3ad6161072fdd8f524d20bea29eca69fb
SSDEEP

768:J6Us2XslLZcDdp47vjhwfdknrxLnUp9BT:Iz2X065+1wFwFq9B

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3648	2464	WerFault.exe	17

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2464	2764	rundll32.exe	17
PID 2764 wrote to memory of 2464	2764	rundll32.exe	17
PID 2764 wrote to memory of 2464	2764	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29c4e2cae16d7fa73ba80730f4b83e75.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29c4e2cae16d7fa73ba80730f4b83e75.dll,#1
  2⤵
  PID:2464
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 548
    3⤵
    - Program crash
    PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2464 -ip 2464
1⤵
PID:4840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2464-0-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download