7bb922f34437a2358f5eaa01d7f6c04dc2194e22e3e84f62ac8e5066defd2c38 | Triage

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 02:58 UTC

Sharing

Report Analysis Logs

General

Target

libGLESv2.dll
Size

7.3MB
MD5

5066eccd717539ce287ebce935db7ffd
SHA1

03c4502c7bf2b5c63f68ec9a2568afb6d8fe655e
SHA256

d2bb0379c686b50cfdf98f6f41d0c36694b4bbcb8d68e4c9a9f9104b0c5c4813
SHA512

1e3ba0fa24e77f5d56b9154004f2c89420794c5a17457959bd386b3fdc6be17f44780f3342797d378ac7fce15d2fbb39e867912e423af1a08e959920929a6c11
SSDEEP

98304:C0kLED4OxChTxGrbOK+iU8tn+deFnct5zZ36/3H:C0kLgtgh1yb4W+BFAX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 1992	2968	rundll32.exe	28
PID 2968 wrote to memory of 1992	2968	rundll32.exe	28
PID 2968 wrote to memory of 1992	2968	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2968 -s 88
  2⤵
  PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads