87319e464d24195aaaeed4353371b577cbb31baf41fa898d58a5c9d4475b12e3 | Triage

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 14:49

Sharing

Report Analysis Logs

General

Target

川雪flash播放器/sae.dll
Size

115KB
MD5

0c190aa09e5989bfb4df9489bbd5619d
SHA1

108646a5275aed7306b311bfc0750f24412511f1
SHA256

6f7a5b7ed80d5c373bfe5ddb1f7fdc42d40e6de5ef51c17ad2d5d867118d04cd
SHA512

c0cb6e885ce103d73afadfe7b981a3e92baa97da0f41c6eb50b006be97e56d2c40af26db39103d19b7d6489e2d8bc85c9f59b09b1b60fa795bb2147829c7bedd
SSDEEP

3072:Iwz4M5Ymdz8yYg8Hb2sC2uJLvudSmR1lIht6pBTWVRhKI2U:j0AeyY02xRuY7TW4

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2524	2208	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2208	1700	rundll32.exe	28
PID 1700 wrote to memory of 2208	1700	rundll32.exe	28
PID 1700 wrote to memory of 2208	1700	rundll32.exe	28
PID 1700 wrote to memory of 2208	1700	rundll32.exe	28
PID 1700 wrote to memory of 2208	1700	rundll32.exe	28
PID 1700 wrote to memory of 2208	1700	rundll32.exe	28
PID 1700 wrote to memory of 2208	1700	rundll32.exe	28
PID 2208 wrote to memory of 2524	2208	rundll32.exe	29
PID 2208 wrote to memory of 2524	2208	rundll32.exe	29
PID 2208 wrote to memory of 2524	2208	rundll32.exe	29
PID 2208 wrote to memory of 2524	2208	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\川雪flash播放器\sae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\川雪flash播放器\sae.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 244
    3⤵
    - Program crash
    PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download