2e8d3972c57395d4c491b14dd8924637463a60f5c15edc889b9c80eb5bf41bce | Triage

Analysis

max time kernel
144s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 00:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5215bee27cceb1de7730a247f0922a34.dll
Size

72KB
MD5

5215bee27cceb1de7730a247f0922a34
SHA1

5a7324d2f529af8c231e897160f27deb7edd94c9
SHA256

2e8d3972c57395d4c491b14dd8924637463a60f5c15edc889b9c80eb5bf41bce
SHA512

abf902b94d4c23e30de200d6a3c2193e8dac954428991a6897d21d5625704c2eb902eb4851923cbab651f2b049d9efdb0e0ef57e8310447ee7b456cdd4558c58
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2772	1364	WerFault.exe	16

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 1364	4660	rundll32.exe	16
PID 4660 wrote to memory of 1364	4660	rundll32.exe	16
PID 4660 wrote to memory of 1364	4660	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5215bee27cceb1de7730a247f0922a34.dll,#1
1⤵
PID:1364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 600
  2⤵
  - Program crash
  PID:2772

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5215bee27cceb1de7730a247f0922a34.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1364 -ip 1364
1⤵
PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads