78a3096cf129f8ac61f31b0112912fa443f50ffb211445bd5155f70d0eb60c85 | Triage

Analysis

max time kernel
139s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 19:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4443a6e4973f44f4de24b09295bface9.dll
Size

72KB
MD5

4443a6e4973f44f4de24b09295bface9
SHA1

ccc0700878d17135f21958455bf9adaa0b7bd472
SHA256

78a3096cf129f8ac61f31b0112912fa443f50ffb211445bd5155f70d0eb60c85
SHA512

c848b927752ab836c5647b120943fe694c809f47be067a487f52b42828e708d5aaff9513c83513ca6675304781bcfe84d6e5bc9efb8e3f81a2c370e16ec6b31e
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1332	3916	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 3916	4628	rundll32.exe	79
PID 4628 wrote to memory of 3916	4628	rundll32.exe	79
PID 4628 wrote to memory of 3916	4628	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4443a6e4973f44f4de24b09295bface9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4443a6e4973f44f4de24b09295bface9.dll,#1
  2⤵
  PID:3916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 600
    3⤵
    - Program crash
    PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3916 -ip 3916
1⤵
PID:3240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads