eb40f8017e4e96c12878d2fa338f63c8ede67a98d0cb06e359beef7adeef9315 | Triage

Analysis

max time kernel
148s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2024 10:56

Sharing

Report Analysis Logs

General

Target

MthreadLib71.dll
Size

64KB
MD5

32820e129a262bb45cc38e14a0b5d692
SHA1

ff6178c8acf552977831e9f514f613ec51918ead
SHA256

e2316030fb73df26ccb8b4a685197dd3c36090a4f1f714056c2d868a53c3dc2b
SHA512

979b9d28bbfb86b008696c2c194c4e650d0cd323fbd9e90d9be76034385ccc8e7faeb3f12949a83d703a01ed241e95ea910ca66fc7db17ea0ce1396802ba268e
SSDEEP

768:W8NH+ZxpugnXfeSqgdvR4VM5PqMmPpX48sE7NR6ltO8GhLNbI:W8QZjJnPrF1mPS0R63O8gBI

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
948	4508	WerFault.exe	45

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 4508	2444	rundll32.exe	45
PID 2444 wrote to memory of 4508	2444	rundll32.exe	45
PID 2444 wrote to memory of 4508	2444	rundll32.exe	45

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MthreadLib71.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MthreadLib71.dll,#1
  2⤵
  PID:4508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 612
    3⤵
    - Program crash
    PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4508 -ip 4508
1⤵
PID:1208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads