952c89e629280ad52d9eba9383941522304e36c0054a523bfb0bb97db2d8c546 | Triage

Analysis

max time kernel
359s
max time network
374s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 14:23

Sharing

Report Analysis Logs

General

Target

vulkan-1.dll
Size

925KB
MD5

f9e89d0e3d04f5abb24894c7dbdfcc6e
SHA1

08e51818549aa182130ae8e5369faa3654eb2d1b
SHA256

1a2c79b0f5ccef2ed359e5ecf25c71800321cc4f244d64e2efe0c7e75b453915
SHA512

e10ebcd0d63b2f653cccd888688b1f126d59d18b4a496e85d54b6ac00401274c8fdfa528f13f60d68350c95c4fbb9236c02f4e3733ba99046e4353bb91a8a422
SSDEEP

24576:Ny+lCO+5ia/1DW6pb9MLtX6Z5WdDYsH26g3P0zAk7o3X:NymVqXpbId6Z5WdDYsH26g3P0zAk7on

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2240	2032	rundll32.exe	28
PID 2032 wrote to memory of 2240	2032	rundll32.exe	28
PID 2032 wrote to memory of 2240	2032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2032 -s 92
  2⤵
  PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads