27bd4bcf2a32e90f4d87229445089bcc2383083036dbbc552a155b709bc67f8b | Triage

Analysis

max time kernel
141s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 22:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c9d08215b2dc12c73d4ee50807d9d178.dll
Size

1.0MB
MD5

c9d08215b2dc12c73d4ee50807d9d178
SHA1

baefda68b5832aa8fc0e107017bd5a68feff8ff9
SHA256

27bd4bcf2a32e90f4d87229445089bcc2383083036dbbc552a155b709bc67f8b
SHA512

a3cb98a704322f61a22bbf661eb370b7e4628e9a5cc04e7fb617e73dae6997455079f0c5d4d19133de87a74920bb7db410ea107f1c78d0517181b87dfa34b898
SSDEEP

24576:S/C2M9oBymFEu7rHEns3O7g4G5CsbFisqz:SuoB8u/gn7pG5

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4180	4948	WerFault.exe	96

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 4948	912	rundll32.exe	96
PID 912 wrote to memory of 4948	912	rundll32.exe	96
PID 912 wrote to memory of 4948	912	rundll32.exe	96

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9d08215b2dc12c73d4ee50807d9d178.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9d08215b2dc12c73d4ee50807d9d178.dll,#1
  2⤵
  PID:4948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 560
    3⤵
    - Program crash
    PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4948 -ip 4948
1⤵
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4948-0-0x0000000010000000-0x000000001010C000-memory.dmp

Filesize
1.0MB

Download