3343644e85fc33f8cd3b97e0f7275053f1c272932379c61b3c0d3c620a23a4ee | Triage

Resubmissions

08-02-2024 19:42

240208-ye7cksbg28 10

08-02-2024 19:33

240208-x9kavshh6s 10

Analysis

max time kernel
91s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-02-2024 19:42

Sharing

Report Analysis Logs

General

Target

Korepi/libGLESv2.dll
Size

6.4MB
MD5

fb74e837a2ebbf59afeb09106644a9ab
SHA1

55225fcc692aa332f698960c3dc1140d791d1fa1
SHA256

e6ab5fc601d0d230c989d2f481b37c259a0a1fffb7fb841b7099a5e966f0088a
SHA512

585e464de076d6d2560288fe9430004430effb0599134bfb30fabb7bad3cdccff9458d21d17f580823a308cd6472f36d1f1ce6a04e568ba6dcca2e68fd39d63f
SSDEEP

196608:2NtQrp20oWAyqiq9RcMDBtC3rS4+4aJs4t:2NtQrp2uAypq0MDBtg1EJ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4892 852 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4092 wrote to memory of 852	4092	rundll32.exe	rundll32.exe
PID 4092 wrote to memory of 852	4092	rundll32.exe	rundll32.exe
PID 4092 wrote to memory of 852	4092	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Korepi\libGLESv2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4092

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Korepi\libGLESv2.dll,#1
2⤵
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 612
3⤵
- Program crash
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 852 -ip 852
1⤵
PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...