4d638c89242e6e6cf55fa32ed6fc90e1d3df93dc827563d4ceeb7f583f265d0a | Triage

Analysis

max time kernel
139s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 17:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

701c22274869f62b17e6d27e82614ff7.dll
Size

128KB
MD5

701c22274869f62b17e6d27e82614ff7
SHA1

13a8a1561e7ea0f60b4f939ae6504bf1131ff985
SHA256

4d638c89242e6e6cf55fa32ed6fc90e1d3df93dc827563d4ceeb7f583f265d0a
SHA512

4dd0d542eb7917c28cb42b09fad2bb699f7b363765da41fc31c8a908f20287e276795425cd20088472e43f3e5bfc7f327c11bbeb722b67e87ee97351a46f1f51
SSDEEP

1536:Wimib9+u1SeHd+II8o1KSVIgunntpCi9o6Plce:WL63Ye9YlKSFEtF9x9ce

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1280	672	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 672	3532	rundll32.exe	87
PID 3532 wrote to memory of 672	3532	rundll32.exe	87
PID 3532 wrote to memory of 672	3532	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\701c22274869f62b17e6d27e82614ff7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\701c22274869f62b17e6d27e82614ff7.dll,#1
  2⤵
  PID:672
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 544
    3⤵
    - Program crash
    PID:1280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 672 -ip 672
1⤵
PID:1192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/672-0-0x0000000010000000-0x0000000010035000-memory.dmp

Filesize
212KB

Download