ee004ef27f9b6c467a981a9fbc7cd80584146cd48d6936bb8714f16504028f59 | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:06

Sharing

Report Analysis Logs

General

Target

2956e79b303a17297e9da277a7499c32.dll
Size

43KB
MD5

2956e79b303a17297e9da277a7499c32
SHA1

dcb9383e15e672734382d9be30e274fe3c525e5b
SHA256

ee004ef27f9b6c467a981a9fbc7cd80584146cd48d6936bb8714f16504028f59
SHA512

f9bc4422a0073509476b2cf17c08710eaad20c4b1c6d8099ed59bc8d8b320e398ec88ebae25496bf10ffedc8f862b123151fb59a1d63675d9e3019a8e0c97b5b
SSDEEP

768:xkc272CWd2Zwi6YNo0pVMJkLBFZi2Id8UiEFnfQR:x52CCYWr6oVM2fZi231

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3460	4348	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3132 wrote to memory of 4348	3132	rundll32.exe	14
PID 3132 wrote to memory of 4348	3132	rundll32.exe	14
PID 3132 wrote to memory of 4348	3132	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2956e79b303a17297e9da277a7499c32.dll,#1
1⤵
PID:4348
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 644
  2⤵
  - Program crash
  PID:3460

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2956e79b303a17297e9da277a7499c32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4348 -ip 4348
1⤵
PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4348-0-0x0000000003000000-0x0000000003026000-memory.dmp

Filesize
152KB

Download
memory/4348-1-0x0000000000D10000-0x0000000000D11000-memory.dmp

Filesize
4KB

Download