d30e33e5f4ec42d96e1641697f3141fcd7f1f8fe8db9301fc72b540ba789f082 | Triage

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 00:50

Sharing

Report Analysis Logs

General

Target

Voicemod V2.48/dxcompiler.dll
Size

18.9MB
MD5

7f4bcd184c8e5649627b9269021669ca
SHA1

872ea08fb58699c22b9395704096c13a26f265c1
SHA256

71405a9a5df6e4f3d8c8b46a8f59d0877860e7a6240638ec14b3775856cf836a
SHA512

97f68f72ca6425ba4177e65b5def8dc20d2aa282b848efe4242bf302a1ab56d57aef8c95c952e21120932cac835b338b8933c3b667809f46f5cae13b87a9ac39
SSDEEP

393216:cr+5aq5W9hakSTLD5OcHvNOWStBEELm5nNLMJpC6aTOJS:c65WTa3TtBMnOOE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2328 wrote to memory of 2620	2328	rundll32.exe	WerFault.exe
PID 2328 wrote to memory of 2620	2328	rundll32.exe	WerFault.exe
PID 2328 wrote to memory of 2620	2328	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Voicemod V2.48\dxcompiler.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2328 -s 124
2⤵
PID:2620

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...