0c18f794e55f9ac2ce73efa27286c18df90630e02d4ceb6b88300573917adaf0 | Triage

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 05:21

Sharing

Report Analysis Logs

General

Target

52a478b0712258586ff4f3b62b3e15cf.dll
Size

72KB
MD5

52a478b0712258586ff4f3b62b3e15cf
SHA1

9dea479c00ee86bd4ed411ebd825abf7fc1fe5d2
SHA256

0c18f794e55f9ac2ce73efa27286c18df90630e02d4ceb6b88300573917adaf0
SHA512

6c28e8e6452f5a731dee2ec33d4b58c52460fa49d34ac4d29ec0d2425578b454baaffc914b20930a759e6da4fe83b4a880bba409af64b96f3d3ec5be1511a85a
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3956	4148	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 4148	4540	rundll32.exe	89
PID 4540 wrote to memory of 4148	4540	rundll32.exe	89
PID 4540 wrote to memory of 4148	4540	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52a478b0712258586ff4f3b62b3e15cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52a478b0712258586ff4f3b62b3e15cf.dll,#1
  2⤵
  PID:4148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 552
    3⤵
    - Program crash
    PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4148 -ip 4148
1⤵
PID:4000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads