b4df0f41725f05a85f03e8a88405688d809f1a1ee626cee74d90e416b1f00e08 | Triage

Analysis

max time kernel
123s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 07:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4dabe05b4a707ef8c93f7834778a66d2.dll
Size

40KB
MD5

4dabe05b4a707ef8c93f7834778a66d2
SHA1

3455a56e0106a93d5d5d8f44a4ae69861f274c3d
SHA256

b4df0f41725f05a85f03e8a88405688d809f1a1ee626cee74d90e416b1f00e08
SHA512

fbf50fb5f436b0749bd9d9e8c33e56b3e4e9f568af87062f85902746defb796d6a6577a1481d8fc3162893d00641831942e7569df577cc05d41dc37752c9ec80
SSDEEP

768:3nIcQg8KMPLxh1g0KDHVwKM+0JH6sgsJKI:3mN9MHyq0QZI

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3888	640	WerFault.exe	15

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3952 wrote to memory of 640	3952	rundll32.exe	15
PID 3952 wrote to memory of 640	3952	rundll32.exe	15
PID 3952 wrote to memory of 640	3952	rundll32.exe	15

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4dabe05b4a707ef8c93f7834778a66d2.dll,#1
1⤵
PID:640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 632
  2⤵
  - Program crash
  PID:3888

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4dabe05b4a707ef8c93f7834778a66d2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 640 -ip 640
1⤵
PID:4880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads