c9269369eb8f304587eeff5052110557f47a7a17fe24758002e9f47011bb561e | Triage

Analysis

max time kernel
125s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
24/01/2024, 08:11

Sharing

Report Analysis Logs

General

Target

7z.dll
Size

1.2MB
MD5

cd479d111eee1dbd85870e1c7477ad4c
SHA1

01ff945138480705d5934c766906b2c7c1a32b72
SHA256

367f8d1bfcf90ae86c0c33b0c8c9e6ec1c433c353d0663ebb44567607402c83d
SHA512

8b801bfbb933e0dc77090555fa258d416cbe9ed780fb1821aed532a979617082b29e0b6f8fb85f73a9e93c98981426c92c498a41c49f823707da3e6b7bb30128
SSDEEP

24576:i2KZ4JRxvmInrDGspjN78mmZH8lOvCvj/dYIZG79ue0CJA39m:ivZ4dvTrRpjgYhNWue0CJAo

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3280	116	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 116	4484	rundll32.exe	86
PID 4484 wrote to memory of 116	4484	rundll32.exe	86
PID 4484 wrote to memory of 116	4484	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7z.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7z.dll,#1
  2⤵
  PID:116
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 116 -s 600
    3⤵
    - Program crash
    PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 116 -ip 116
1⤵
PID:4500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads