11ac2fb7031c790026fe6c9e962a9d8d65f5a39c851a6c4163b5fd57585ca6c3 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 04:31

Sharing

Report Analysis Logs

General

Target

dinput8.dll
Size

35KB
MD5

3b37d8bbbce586a6f71dff687a25eb9c
SHA1

d4da927f4959d468002f3b8286525faadab9f300
SHA256

11ac2fb7031c790026fe6c9e962a9d8d65f5a39c851a6c4163b5fd57585ca6c3
SHA512

1f50059f4f966fd58bb3980266410e8327b1f7c6cfc9f1fb5a67f0a79b3a2004df72e381c63fb3c100e9ca88f0ab055fc6ebbdd31606a4f142e0e9b477c30be2
SSDEEP

768:C7wgx0iIpg3h9Fd9fQq5WL8VtOFyEB4R95eIujL1:C7wgSiwSNbOFZy6jL

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

2460 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2460 wrote to memory of 2720	2460	rundll32.exe	WerFault.exe
PID 2460 wrote to memory of 2720	2460	rundll32.exe	WerFault.exe
PID 2460 wrote to memory of 2720	2460	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dinput8.dll,#1
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2460 -s 108
  2⤵
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads