99c2474f5bea6e3955d1002aa98678c32e9c0e9f2fb6d0c35d3a428ec279d103 | Triage

Analysis

max time kernel
119s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
13-01-2024 04:44

Sharing

Report Analysis Logs

General

Target

wpfgfx_cor3.dll
Size

1.7MB
MD5

52d8f7f0ab9d679209b707c7ebc8377e
SHA1

7042a8788ea40f29b2fab2ec249dfd9e8c6ed7e6
SHA256

69c03db89ad14cdf2c05db284d1452a517d7127bafd871334685d715f662d203
SHA512

8617663d2292ca05d1873cbf9cf2397a0e56214c5bf5d66d5b1c8e95658a5604e1d27656ce853d1306c4a21575e3fe45934a0b8e5bb256644cd064b8d8269c87
SSDEEP

24576:jA4+95hzAxEvPcYCUhGU6YVjfB458Yqj0ggwBklV3SFyyTNjnm81d1:k4+fxAxEvPXG+Ig0GFycND9d1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 4224	4624	rundll32.exe	31
PID 4624 wrote to memory of 4224	4624	rundll32.exe	31
PID 4624 wrote to memory of 4224	4624	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wpfgfx_cor3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\wpfgfx_cor3.dll,#1
  2⤵
  PID:4224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads