f910a13226f0cc0674db290c728e0474c91fffd6963e454f83d975014d4a785c | Triage

Analysis

max time kernel
135s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2024 20:16

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/IpConfig.dll
Size

118KB
MD5

a75e3775daac9958610ce1308e0bca3b
SHA1

d83ce354cde527c2e20fb425415f6d4795dd4cd4
SHA256

fe2093ff4bfa1d7259c922aca1e7bb219c4d234e469942446d9e2f8086b7d720
SHA512

48168a91ec90df262b1e158f32b4bc2a6d6ce10022eb96d4a6f3c755b977e5c104558626adaa214bda29d7f1d246f19e2df59b9a338982aa1c623e1bdd5714c6
SSDEEP

3072:oa/4Ftm9rSlia00FW96LOsWNQmtQ9WVx95+tTIJ:t/4S9raiae8DSDtQ9W3utEJ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1168	4824	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 4824	1788	rundll32.exe	86
PID 1788 wrote to memory of 4824	1788	rundll32.exe	86
PID 1788 wrote to memory of 4824	1788	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\IpConfig.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\IpConfig.dll,#1
  2⤵
  PID:4824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 612
    3⤵
    - Program crash
    PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4824 -ip 4824
1⤵
PID:4712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads