99115734cd54abadcb5b7d355e627f2b1e02ab18c8d0a70590270581d9e09e13 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:15

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/InstallOptions.dll
Size

12KB
MD5

83304a78d2b6ea45ea8404f4cd78721f
SHA1

d5c5d19653c751c08579dd094bcc9fef1841af00
SHA256

92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414
SHA512

94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e
SSDEEP

384:BKlm7i+c3QW6ckPhyDEaLn42bbBBIXwZ:0qi8BcyhEhLpbbTI

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1920 2288 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2356 wrote to memory of 2288	2356	rundll32.exe	rundll32.exe
PID 2356 wrote to memory of 2288	2356	rundll32.exe	rundll32.exe
PID 2356 wrote to memory of 2288	2356	rundll32.exe	rundll32.exe
PID 2356 wrote to memory of 2288	2356	rundll32.exe	rundll32.exe
PID 2356 wrote to memory of 2288	2356	rundll32.exe	rundll32.exe
PID 2356 wrote to memory of 2288	2356	rundll32.exe	rundll32.exe
PID 2356 wrote to memory of 2288	2356	rundll32.exe	rundll32.exe
PID 2288 wrote to memory of 1920	2288	rundll32.exe	WerFault.exe
PID 2288 wrote to memory of 1920	2288	rundll32.exe	WerFault.exe
PID 2288 wrote to memory of 1920	2288	rundll32.exe	WerFault.exe
PID 2288 wrote to memory of 1920	2288	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 248
3⤵
- Program crash
PID:1920

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...