2f15574c54c922d0dadcae6db99db6edfd1dab83ffb52675f2cb46f66f165c91 | Triage

Analysis

max time kernel
91s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 21:23

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/InstallOptions.dll
Size

14KB
MD5

b18dfaded8f6d2380fdfd8f6b6969211
SHA1

969fa0e906240ab1123254feeb833c275626cf76
SHA256

747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58
SHA512

25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c
SSDEEP

192:66JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTLK72dwF7dBdcQOz:66JaVh4I5rpPbTL+BdhO

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1956	3764	WerFault.exe	15

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 3764	2840	rundll32.exe	15
PID 2840 wrote to memory of 3764	2840	rundll32.exe	15
PID 2840 wrote to memory of 3764	2840	rundll32.exe	15

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
1⤵
PID:3764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 636
  2⤵
  - Program crash
  PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3764 -ip 3764
1⤵
PID:3688

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads