9f35623c249226a739c810db0da1b7332b9d98222e9e50c8aaa001edcf505af1 | Triage

Analysis

max time kernel
90s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2024 23:16

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/itfd.dll
Size

42KB
MD5

af514b31b839ced67c0907a6569e3495
SHA1

ca1c2fd9e815d695ec163cac2d2feb72fa9b0a00
SHA256

e5b37e22db2aab4db04417c4b30be841686e2300687d5b3abd8a0456cd144d31
SHA512

22920f0365435be0961a33009ab1bff010ab5534553bd9d75e9be30ea588c67ea8ac7be936e4759019cb2a7fa6232fbbb4cef516ab54f68396934f383da52055
SSDEEP

768:0t8W+2zCq7jt8fFhCQcFSOzin3WfMGjny8+XY4PscAigP:0t8uzf7RJQcm3Wl+XY40cTgP

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2776 4752 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 5112 wrote to memory of 4752	5112	rundll32.exe	rundll32.exe
PID 5112 wrote to memory of 4752	5112	rundll32.exe	rundll32.exe
PID 5112 wrote to memory of 4752	5112	rundll32.exe	rundll32.exe
PID 4752 wrote to memory of 4112	4752	rundll32.exe	rundll32.exe
PID 4752 wrote to memory of 4112	4752	rundll32.exe	rundll32.exe
PID 4752 wrote to memory of 4112	4752	rundll32.exe	rundll32.exe
PID 4752 wrote to memory of 4112	4752	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\itfd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\itfd.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:4752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\itfd.dll,#1
3⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 656
3⤵
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4752 -ip 4752
1⤵
PID:976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4752-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download