6c02318ae65496c8b178affa6cce80a195fd5c4c9c46e8f0f93fcfa252ba49cb | Triage

Analysis

max time kernel
128s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:00

Sharing

Report Analysis Logs

General

Target

ImeHook.dll
Size

16KB
MD5

deded28d23751c4aa242dc1a4536528f
SHA1

3de9f1d13bf371ae2a1a64ce3f7ffc68cdf227c9
SHA256

165886f070a708d72cf6bad5ca03aae4a866df5d2dbde33d28f6363e3667ecc7
SHA512

ed76c347feee85c812095fb2ed44a4be7d3a941e1d7b7acff883bb2f8f20fb79454479016cea276b0f163b22e75236eb9f8e808dad11f67b9be1ecacc149107b
SSDEEP

384:zqIiqiqTxtKyegtVsilJJur5Jsq8ILKOLLvYiDsssjVPa5:ZizqFtxeosQJ8r3sFkL7sv6

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2952	4756	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 4756	868	rundll32.exe	14
PID 868 wrote to memory of 4756	868	rundll32.exe	14
PID 868 wrote to memory of 4756	868	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ImeHook.dll,#1
1⤵
PID:4756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 632
  2⤵
  - Program crash
  PID:2952

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ImeHook.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4756 -ip 4756
1⤵
PID:1436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads