f1160a33fb79c764cdc4c023fa700054ae2945ed91880e37348a17c010ca716f | Triage

Analysis

max time kernel
144s
max time network
229s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 21:29

Sharing

Report Analysis Logs

General

Target

libcrypto-3.dll
Size

3.6MB
MD5

97413261e457137d87cb2cf795dcca0c
SHA1

58e8f2f06d9eb26f7df678dc6359678091006127
SHA256

1b926491d3172dbfc5c6a2de4e8a7b3a7c67977391227fe5c72264f0824dc8c1
SHA512

7cc4eed8fbef2ecb2fd9ab2d768e78c746b671b3bcaf1c19476c88d126d7337d8bdda50cd2a0e789c1897a09ca8551733d9e83ad8a1290698388feb896e9b68a
SSDEEP

49152:plCOVrlD3PQOGUCmyTvDuz1u+Tu31CPwDvt3uF7DCmcx/JL0s:TCOV5zGVAu+c1CPwDvt3uF7DCm0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2376	1964	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 1964	4012	rundll32.exe	86
PID 4012 wrote to memory of 1964	4012	rundll32.exe	86
PID 4012 wrote to memory of 1964	4012	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcrypto-3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcrypto-3.dll,#1
  2⤵
  PID:1964
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 628
    3⤵
    - Program crash
    PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1964 -ip 1964
1⤵
PID:4384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads