e9b61085da2cb9fafc13aada4f6e7057023ef25da3b66311ed7ce51e68595168 | Triage

Analysis

max time kernel
146s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 09:07

Sharing

Report Analysis Logs

General

Target

cb05c69cb5982f58888b553d094eed16.dll
Size

58KB
MD5

cb05c69cb5982f58888b553d094eed16
SHA1

d6af7e8ce4d24218a51c6c46e200791e18182f46
SHA256

e9b61085da2cb9fafc13aada4f6e7057023ef25da3b66311ed7ce51e68595168
SHA512

43f0e52f01059fe69a284bb51fe1221819f4fb000f9deb3309b2eba8f55e8b223669f0be450be0593abb21ba9f54d8ae67a223c7ed192506e3228c5cc171c888
SSDEEP

1536:uXD6P2da9xcQqjauFkbDyx49R52CBpQ2TFW6dP:oZ9v3cNn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4444	2752	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 2752	3908	rundll32.exe	87
PID 3908 wrote to memory of 2752	3908	rundll32.exe	87
PID 3908 wrote to memory of 2752	3908	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb05c69cb5982f58888b553d094eed16.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb05c69cb5982f58888b553d094eed16.dll,#1
  2⤵
  PID:2752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 720
    3⤵
    - Program crash
    PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2752 -ip 2752
1⤵
PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2752-0-0x0000000074E70000-0x0000000074E93000-memory.dmp

Filesize
140KB

Download
memory/2752-1-0x0000000074E70000-0x0000000074E93000-memory.dmp

Filesize
140KB

Download
memory/2752-2-0x0000000074E70000-0x0000000074E93000-memory.dmp

Filesize
140KB

Download