27c716e8d122a16fb18cf7084ee6069e88e188b1e4e1a0f5ebaa96b453a94a83 | Triage

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 07:51

Sharing

Report Analysis Logs

General

Target

8bcb033249ecbe23b02a2dca006cedc6.dll
Size

154KB
MD5

8bcb033249ecbe23b02a2dca006cedc6
SHA1

bee8154886f0788cb0f2b87544d6ecd4fbe6752d
SHA256

27c716e8d122a16fb18cf7084ee6069e88e188b1e4e1a0f5ebaa96b453a94a83
SHA512

440349d268257bf5380580178bc638ddf4b2cca6d224c1699f314f130cbd9b61e9fde01f7321db75ca0e5442812d81efcc6888a430f493281ec02e4d53f82800
SSDEEP

3072:c/CgZZH5ogTeXu+E773hg6E0NJvJ8rvkK3zhcGcHbDJx:4CYSR53OirvRz

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2460	1184	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1184	2532	rundll32.exe	87
PID 2532 wrote to memory of 1184	2532	rundll32.exe	87
PID 2532 wrote to memory of 1184	2532	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8bcb033249ecbe23b02a2dca006cedc6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8bcb033249ecbe23b02a2dca006cedc6.dll,#1
  2⤵
  PID:1184
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 600
    3⤵
    - Program crash
    PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1184 -ip 1184
1⤵
PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads