7eda7959cbd621b9882edb4a152a79aee70daa4fbb3186cb2bfbbff1d8a7c9a2 | Triage

Analysis

max time kernel
143s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14/03/2024, 13:35

Sharing

Report Analysis Logs

General

Target

0.4.2.8/rgmain.dll
Size

4.7MB
MD5

111bf584ad29fb9f94cd3b04aaf0ac76
SHA1

798d8439b02c46ff9fce509d2c6077fcc0aba6aa
SHA256

b7ea77763aa3cf84039638ca6b94b0ea184cb1d2c838b2b39e73947cd495ceba
SHA512

6f0ecf90bbac91aec233848105e2efbedac1f182683a5e3634db803cf05121d4deadecab4bfecfd062750f5da9f4edd6834e9f6709ce1ad83d7b3c4bc956f7b6
SSDEEP

49152:4K1EwtJiPlFJByFyvt88+w0Hoh6f1p2AKWKoRUVnzZlTwyTpZyKndVY:dHXElxn+w0Ih6fqDVNy

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3360	648	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 648	4216	rundll32.exe	81
PID 4216 wrote to memory of 648	4216	rundll32.exe	81
PID 4216 wrote to memory of 648	4216	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0.4.2.8\rgmain.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0.4.2.8\rgmain.dll,#1
  2⤵
  PID:648
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 460
    3⤵
    - Program crash
    PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 648 -ip 648
1⤵
PID:4148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads