c6e76b17dc20c465477355eda0e90dc04647771124ca2f86fa56894ae3b927e9 | Triage

Analysis

max time kernel
90s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 02:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7bf1269f31fbeab6f2b1c968d8da0073.dll
Size

268KB
MD5

7bf1269f31fbeab6f2b1c968d8da0073
SHA1

b95dca8a2f82fabb897d3517b5d7e3ef3d1807eb
SHA256

c6e76b17dc20c465477355eda0e90dc04647771124ca2f86fa56894ae3b927e9
SHA512

94a5fc2a1cf352f87557b84e3453e284a1bcf2bde0df98affe97a1b15b292e1d2e66ea79ef6fe9fdde1f4e5d300ef20a321f3d85e90e89a58bced9f7745d07c5
SSDEEP

6144:JAvSWNb3JC788rvXWeiT0nxyparsbtP/C:JAv30ATT0xy1btP/C

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
688	1564	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 1564	3552	rundll32.exe	85
PID 3552 wrote to memory of 1564	3552	rundll32.exe	85
PID 3552 wrote to memory of 1564	3552	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bf1269f31fbeab6f2b1c968d8da0073.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bf1269f31fbeab6f2b1c968d8da0073.dll,#1
  2⤵
  PID:1564
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 568
    3⤵
    - Program crash
    PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1564 -ip 1564
1⤵
PID:228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads