e0f492b56cdde36c64daa34406e43e16113e7b7e43952895529dea6b65eacd6b | Triage

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 00:15

Sharing

Report Analysis Logs

General

Target

eapi.dll
Size

148KB
MD5

d7c65f338b7063e4337f25d1a511f723
SHA1

e1eb90f87e0a9bde3e70c0f87c2fc368dc8092e9
SHA256

7de13885441baa0cca8e81bbd5d2dd2a7ba411156b897dbe2820d94b7589da10
SHA512

a726112ab90e707acffe75cecb537b138a202657eb9167327a26d5db53d3a25609ff772896b2691fdfea2765417eafb1116e02b762c98cca4a08333a085067b6
SSDEEP

3072:NjYQztF8U/iSj2Z94vefRvEjWZh8UlIX:30E2Z94vewGh8F

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4372	3260	WerFault.exe	20

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 3260	5036	rundll32.exe	20
PID 5036 wrote to memory of 3260	5036	rundll32.exe	20
PID 5036 wrote to memory of 3260	5036	rundll32.exe	20

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eapi.dll,#1
1⤵
PID:3260
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 612
  2⤵
  - Program crash
  PID:4372

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eapi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3260 -ip 3260
1⤵
PID:1572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads