a4faf7f9af3078883c39b9c208fcc062d991ad1624cb3b101d1b429b304f99a8 | Triage

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 07:23

Sharing

Report Analysis Logs

General

Target

ae010b82fdfe12129b5b342a317a721d.dll
Size

29KB
MD5

ae010b82fdfe12129b5b342a317a721d
SHA1

cb7f7a9674d8402e49a8f296087d42802a5c70fe
SHA256

a4faf7f9af3078883c39b9c208fcc062d991ad1624cb3b101d1b429b304f99a8
SHA512

5214d7152a6782cd63b892efc29e36e7da7636f14f180af3e1ae2d49a0b9f4ee0e9c9bf0290cfe4906342f2567d4b2fb113cb6f4affb2e175d48edcfa530b216
SSDEEP

768:4UhOBrTv6uPaeVbvci/8f+kUVw7DRriyrfdSb:49V5aeVb0i/8GRw7brFSb

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3000	4264	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 4264	1848	rundll32.exe	86
PID 1848 wrote to memory of 4264	1848	rundll32.exe	86
PID 1848 wrote to memory of 4264	1848	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae010b82fdfe12129b5b342a317a721d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae010b82fdfe12129b5b342a317a721d.dll,#1
  2⤵
  PID:4264
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 580
    3⤵
    - Program crash
    PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4264 -ip 4264
1⤵
PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4264-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download