f065529a8e0d9acf4a0112e9532afbcad8a6e1b04fe68821d2e74eb27792b703 | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 09:01

Sharing

Report Analysis Logs

General

Target

cda5992ae254196cdd639470a19b6122.dll
Size

128KB
MD5

cda5992ae254196cdd639470a19b6122
SHA1

ee4b96cfc4e44ceeddf181fb8d5058f162f60dcc
SHA256

f065529a8e0d9acf4a0112e9532afbcad8a6e1b04fe68821d2e74eb27792b703
SHA512

0aee1788dbc39130e8574e144882e85526b6ec8743574ce458fe001597ff04f7bdfae37ff1c41cf88b9a888411e42490ed08870cee19f01b6ccc647a2477f441
SSDEEP

1536:d548+/4twYXQ8PSaW+Jxu/wHuX+DIqeOpvUuEi4PS:d54TrfalJcrZOF5z

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4908	512	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 512	4484	rundll32.exe	89
PID 4484 wrote to memory of 512	4484	rundll32.exe	89
PID 4484 wrote to memory of 512	4484	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cda5992ae254196cdd639470a19b6122.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cda5992ae254196cdd639470a19b6122.dll,#1
  2⤵
  PID:512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 512 -s 544
    3⤵
    - Program crash
    PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 512 -ip 512
1⤵
PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/512-0-0x0000000010000000-0x0000000010035000-memory.dmp

Filesize
212KB

Download