cdcab9a3b4610c8734320fb46da896595c2de1bb29fc5b038264e3a01cc41671 | Triage

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 20:34

Sharing

Report Analysis Logs

General

Target

8d47cde53372d1041513537995f32ddb.dll
Size

72KB
MD5

8d47cde53372d1041513537995f32ddb
SHA1

cd2fe3e7c89547b22464923e242b0d63c84c1480
SHA256

cdcab9a3b4610c8734320fb46da896595c2de1bb29fc5b038264e3a01cc41671
SHA512

a7b5b176baffc5876ba71fdc03ae1f5c861ffc1b6abad2db463c4aed96c3ea350f85c51d11e4ef297ad632e51d74ab4c731436603ceba979992285d09d84fc86
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
880	2564	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2564	2324	rundll32.exe	84
PID 2324 wrote to memory of 2564	2324	rundll32.exe	84
PID 2324 wrote to memory of 2564	2324	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d47cde53372d1041513537995f32ddb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d47cde53372d1041513537995f32ddb.dll,#1
  2⤵
  PID:2564
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 600
    3⤵
    - Program crash
    PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2564 -ip 2564
1⤵
PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads