dcb9ec22da4fcc20ecf9bf691cde6318b6bc619f1738d82cdbc6414e640d1333 | Triage

Analysis

max time kernel
91s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 02:14

Sharing

Report Analysis Logs

General

Target

9a7f1c43fe644cf5bf56ce9bf04009e7.dll
Size

29KB
MD5

9a7f1c43fe644cf5bf56ce9bf04009e7
SHA1

442b98edd15c38998f8002c2c8fd95ee9c283382
SHA256

dcb9ec22da4fcc20ecf9bf691cde6318b6bc619f1738d82cdbc6414e640d1333
SHA512

8719a0c58d5bab68e622a9b21fcdb5c0fff6db0855ed9db9525fbee8ce9c4a043d6f40494c94633dca073799bbbdef2bff58ad70b6e70e48701fab1facc88203
SSDEEP

768:a4K3VDoNWM1PBzhTibLkZlgQledGz7Yu0HYg:jK3y8iPBNTiX8gBG/d4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2644-0-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral2/memory/2644-1-0x0000000010000000-0x0000000010018000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3420	2644	WerFault.exe	36

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 2644	3612	rundll32.exe	36
PID 3612 wrote to memory of 2644	3612	rundll32.exe	36
PID 3612 wrote to memory of 2644	3612	rundll32.exe	36

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a7f1c43fe644cf5bf56ce9bf04009e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a7f1c43fe644cf5bf56ce9bf04009e7.dll,#1
  2⤵
  PID:2644
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 548
    3⤵
    - Program crash
    PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2644 -ip 2644
1⤵
PID:1200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2644-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/2644-1-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download