7eda7959cbd621b9882edb4a152a79aee70daa4fbb3186cb2bfbbff1d8a7c9a2 | Triage

Analysis

max time kernel
90s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14/03/2024, 13:35

Sharing

Report Analysis Logs

General

Target

0.4.2.8/SciLexer.dll
Size

333KB
MD5

27add600105682c753e26324a8e964fa
SHA1

b7d3ab313ebc0ebde9d14842d4ad737f78e7f0bd
SHA256

17112ed0cb094931027ad6f8e1523fcfe3dcd4abd5f7f8628d77679a550d2147
SHA512

980bf899b800f9c882600e826d3b413bcd37f9b431e70bc33fa3a228f110260affe17f046237f718d58cbc25e21ef7efd02dbb274a239a2f0f8cea42d5d97894
SSDEEP

6144:xFZRjIZQ0jLWc7AzBelUhDCKp/U9wk2FhfMElLke5r:jjIZQ0nszBeQD9/U96FhfzLkeF

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1824	3756	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 3756	3060	rundll32.exe	81
PID 3060 wrote to memory of 3756	3060	rundll32.exe	81
PID 3060 wrote to memory of 3756	3060	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0.4.2.8\SciLexer.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0.4.2.8\SciLexer.dll,#1
  2⤵
  PID:3756
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 408
    3⤵
    - Program crash
    PID:1824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3756 -ip 3756
1⤵
PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads