4d4c6e971e2c8635ffdcc310998c0ab3b72595cc6589754666554da4128c4862 | Triage

Analysis

max time kernel
138s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-02-2024 09:00

Sharing

Report Analysis Logs

General

Target

Akebi/chrome_elf.dll
Size

690KB
MD5

4bc92038a76a457a1c36499bd843aa1a
SHA1

0ec0ab717f116231ee1f120e958aa1876845ffb0
SHA256

6084e9d7bf40c57c141e99fd061671abbf82dda61e8567dab22d4b5fdbc0cc29
SHA512

2ad8b1432bd79879d92e0d64ac0a5f14f554683a123e7fb86622a5263c3844c218d14495f60b4987add2e2d425348b3b63c1c398ae7ab5c59f11f22f7ef3e768
SSDEEP

12288:dRn335tvsz6Xu1HkXh312ix5zqYDoYFEaaqHudbjnySWGG7Kn:fH5tv4J1HkR3hoYe8i

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1244 752 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5000 wrote to memory of 752	5000	rundll32.exe	rundll32.exe
PID 5000 wrote to memory of 752	5000	rundll32.exe	rundll32.exe
PID 5000 wrote to memory of 752	5000	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Akebi\chrome_elf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5000

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Akebi\chrome_elf.dll,#1
2⤵
PID:752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 600
3⤵
- Program crash
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 752 -ip 752
1⤵
PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...