96121624b8e5bd7560c1f4e55ae28faf7f252bca250707ccda38391cb62e4040 | Triage

Analysis

max time kernel
359s
max time network
366s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 18:34

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/System.dll
Size

26KB
MD5

d6f185c5bb8b9d6ee47908be05135e4b
SHA1

135bb033c5c63d69d193d36447b036157f12cd09
SHA256

19d826cfdbdeb27fccecfbcfecc4f1bdce9f01df509f46b9ba1674f095d62659
SHA512

16addd64cd38a9e222e1d4b344d0d25e2a1c363116f3f1f77cf76db9b93ca0487f65bc82c601ccf3edc623f2ebbb929d5cda3e61ffa1f3f5a04d34a219ee36dc
SSDEEP

384:8YMakm2meRRvXikWD/h+g3buKGwWna6hYkuku3bdpn3ZZ:8Xnm2hLnWD/h5JWaoYHkYbdP

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2992	2932	rundll32.exe	28
PID 2932 wrote to memory of 2992	2932	rundll32.exe	28
PID 2932 wrote to memory of 2992	2932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2932 -s 112
  2⤵
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2932-0-0x000007FEFBB20000-0x000007FEFBB2F000-memory.dmp

Filesize
60KB

Download