2d90f3e78b23e0de3329af556de291812431e8230a68154cfe0c14b08df844fa

Analysis

max time kernel
115s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17/02/2024, 18:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

libass-9.dll
Size

314KB
MD5

91be1e7a9a1c1f0e4ff4c497a05d1891
SHA1

5ed0f186f6756703f4102d743d7b4ec60e5dbe2a
SHA256

88cfbbb4805ea9a88ee36c2797808b763938f540a73816980109b776b7e2536a
SHA512

6e4393dd075f25e2a83acd531e1171089080cbe3de2492d1286b151c4cfaf10c0be5f2dc7914e6c45829123aacb632321a23ebf74ba32053827e1cf62716fc49
SSDEEP

6144:Iv7PP65GJvXwhgljekl6kst7IXm3VbGXus3tcMbG51PW5iSIq:4gEjplS7gm3VbG5y1WKq

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4952	4800	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 4800	4788	rundll32.exe	84
PID 4788 wrote to memory of 4800	4788	rundll32.exe	84
PID 4788 wrote to memory of 4800	4788	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libass-9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libass-9.dll,#1
  2⤵
  PID:4800
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 656
    3⤵
    - Program crash
    PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4800 -ip 4800
1⤵
PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4800-0-0x0000000074390000-0x00000000744ED000-memory.dmp

Filesize
1.4MB

Download
memory/4800-1-0x0000000074970000-0x00000000749C2000-memory.dmp

Filesize
328KB

Download
memory/4800-2-0x0000000074940000-0x0000000074966000-memory.dmp

Filesize
152KB

Download
memory/4800-3-0x0000000074810000-0x00000000748D7000-memory.dmp

Filesize
796KB

Download
memory/4800-4-0x00000000747E0000-0x000000007480C000-memory.dmp

Filesize
176KB

Download
memory/4800-5-0x00000000746C0000-0x00000000747D2000-memory.dmp

Filesize
1.1MB

Download
memory/4800-6-0x00000000748E0000-0x0000000074938000-memory.dmp

Filesize
352KB

Download
memory/4800-7-0x00000000745B0000-0x00000000746BC000-memory.dmp

Filesize
1.0MB

Download
memory/4800-8-0x0000000074560000-0x0000000074576000-memory.dmp

Filesize
88KB

Download
memory/4800-9-0x0000000074510000-0x0000000074555000-memory.dmp

Filesize
276KB

Download
memory/4800-10-0x0000000074580000-0x00000000745A1000-memory.dmp

Filesize
132KB

Download
memory/4800-11-0x00000000744F0000-0x0000000074508000-memory.dmp

Filesize
96KB

Download
memory/4800-13-0x0000000074340000-0x000000007436E000-memory.dmp

Filesize
184KB

Download
memory/4800-14-0x0000000074310000-0x0000000074336000-memory.dmp

Filesize
152KB

Download
memory/4800-15-0x00000000742D0000-0x000000007430A000-memory.dmp

Filesize
232KB

Download
memory/4800-16-0x00000000742A0000-0x00000000742CB000-memory.dmp

Filesize
172KB

Download
memory/4800-17-0x0000000074270000-0x000000007429B000-memory.dmp

Filesize
172KB

Download
memory/4800-18-0x0000000074090000-0x0000000074267000-memory.dmp

Filesize
1.8MB

Download
memory/4800-19-0x0000000074040000-0x000000007408C000-memory.dmp

Filesize
304KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads