7eda7959cbd621b9882edb4a152a79aee70daa4fbb3186cb2bfbbff1d8a7c9a2 | Triage

Analysis

max time kernel
86s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14/03/2024, 13:35

Sharing

Report Analysis Logs

General

Target

0.4.2.8/rggl.dll
Size

523KB
MD5

dd03259bd8961579aa0c25c74e3a9108
SHA1

abc40e479b093b9c63d0133cdb77f3b9765e232c
SHA256

9f58153a7ebb8c2c85abf63bc26d7c8f8a6ea010dac55ce8c778faa3279d1956
SHA512

c727cdc1766eda697810ad10efab388e55ee3fc7cd74ab9daf68af880cfe6c6cc1a600c2d25b1f7ce18a18dfab41bd6b0e8ebe2ef5aa2af5ebada0a5d8298a28
SSDEEP

12288:T/RxzPKu27zaAZBp+8YzcRM1+78rgnfkiKrEIlxgBvTAipoz:C7DCeM07fnfVIlxgBvUcoz

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2752	4108	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 4108	1612	rundll32.exe	81
PID 1612 wrote to memory of 4108	1612	rundll32.exe	81
PID 1612 wrote to memory of 4108	1612	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0.4.2.8\rggl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0.4.2.8\rggl.dll,#1
  2⤵
  PID:4108
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 488
    3⤵
    - Program crash
    PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 4108 -ip 4108
1⤵
PID:3436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4108-0-0x0000000002320000-0x00000000027E4000-memory.dmp

Filesize
4.8MB

Download