b82752e798eec15d7e5ff9bbef1e9eabb2ee862ea904b327f4322fa55a18cc3f | Triage

Analysis

max time kernel
137s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2024 13:23

Sharing

Report Analysis Logs

General

Target

8f42a57b7547554fb685f15e4a724582.dll
Size

160KB
MD5

8f42a57b7547554fb685f15e4a724582
SHA1

707a8d09a7a2e0b7430bd0bdc596112709366d02
SHA256

b82752e798eec15d7e5ff9bbef1e9eabb2ee862ea904b327f4322fa55a18cc3f
SHA512

d269d6c4ec9b984e1b59f53b470e724bd6cc216697c003f87a94358a42042833a9ca2e2f61b42ef8e1262b18da8ae70ffbae9f6bba9b5771ab6cd9d624f692c1
SSDEEP

3072:SXZC1fhEIosP/HMP7kUj6IXE6i1xRqLCJVQyyR:uC1fWIpP/H67kU+I06i1D6

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3888	2352	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 2352	3412	rundll32.exe	84
PID 3412 wrote to memory of 2352	3412	rundll32.exe	84
PID 3412 wrote to memory of 2352	3412	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f42a57b7547554fb685f15e4a724582.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f42a57b7547554fb685f15e4a724582.dll,#1
  2⤵
  PID:2352
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 600
    3⤵
    - Program crash
    PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2352 -ip 2352
1⤵
PID:4304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads