58d80782c3fb365c3dc4cd812bae64b0a0d3e1d981e11ccb32c7e6219395b90e | Triage

Analysis

max time kernel
89s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19/04/2024, 09:40

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/LangDLL.dll
Size

5KB
MD5

ea60c7bd5edd6048601729bd31362c16
SHA1

6e6919d969eb61a141595014395b6c3f44139073
SHA256

4e72c8b4d36f128b25281440e59e39af7ec2080d02e024f35ac413d769d91f39
SHA512

f9dc35220697153bb06e3a06caf645079881cb75aed008dbe5381ecaf3442d5be03500b36bbca8b3d114845fac3d667ddf4063c16bc35d29bbea862930939993
SSDEEP

48:im1nEhqneMPUptuMMNvimk2BAZuMTRCpYEvJdUJvR0J6of5dwe:F1jpl9NLBAZuYtR0xd

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3180	4180	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 4180	4108	rundll32.exe	79
PID 4108 wrote to memory of 4180	4108	rundll32.exe	79
PID 4108 wrote to memory of 4180	4108	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
  2⤵
  PID:4180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 448
    3⤵
    - Program crash
    PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4180 -ip 4180
1⤵
PID:4632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads