b782dbd696f87d28831fb8dab4efc6d3779e04ceb305c235acd59bf076116cd5 | Triage

Analysis

max time kernel
232s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 10:07

Sharing

Report Analysis Logs

General

Target

nvmp/CrashRpt1403.dll
Size

103KB
MD5

e1649511f335186d0cd89a382c44a0be
SHA1

882e28f6da65b97e85e28e4f2bce6f1fd4cb8f41
SHA256

a68d654461ee949442452872a0a750a01e9e13b3fc9201d3eb70c30cc027ab9e
SHA512

a01f4bc05f46e3e4310cdf1df526ba819a371dbcd2ba9bb2e7cbed6f2c0321634e24e8c84aab70c9267f5a26948accacbe10e3d62d3b7e8752fe90a76d6e7d6f
SSDEEP

3072:vx0HGSmCWR4j6XseOcF3VYSyP0OiESdr64i/Go:mmSmBwfeOQ3VYSc/G

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 4820	3624	rundll32.exe	86
PID 3624 wrote to memory of 4820	3624	rundll32.exe	86
PID 3624 wrote to memory of 4820	3624	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\nvmp\CrashRpt1403.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\nvmp\CrashRpt1403.dll,#1
  2⤵
  PID:4820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads