8f58cb90e5a5b38e2e00b4e03591fa37828d70e5d95b8468456c95c5fbc156d1 | Triage

Analysis

max time kernel
150s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 04:57

Sharing

Report Analysis Logs

General

Target

5809c52a83adaa97efbdf208cdc53f29.dll
Size

83KB
MD5

5809c52a83adaa97efbdf208cdc53f29
SHA1

054100c800309fdc84acb9fd4f1ff3874b996c08
SHA256

8f58cb90e5a5b38e2e00b4e03591fa37828d70e5d95b8468456c95c5fbc156d1
SHA512

505214d5cdf6de90da4af7c69aca8d1b7742c722de668190cbf6bb96d31977415494c26e8b90fbce41e7a4b4918f2058e179348e59d3271d9edb51500b625b8e
SSDEEP

1536:4cgWXk1kpWg4bHg/uZFMNqXml47Bas+m0xv:4cgWXk1+EgmZ6aS4taS0xv

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4008	3664	WerFault.exe	19

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 3664	3740	rundll32.exe	19
PID 3740 wrote to memory of 3664	3740	rundll32.exe	19
PID 3740 wrote to memory of 3664	3740	rundll32.exe	19

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5809c52a83adaa97efbdf208cdc53f29.dll,#1
1⤵
PID:3664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 640
  2⤵
  - Program crash
  PID:4008

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5809c52a83adaa97efbdf208cdc53f29.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3664 -ip 3664
1⤵
PID:3364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3664-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download