10178e95452db24c36039db74c9b9d2e12d99c5981b71e1a388ac77fa4c389c0 | Triage

Analysis

max time kernel
66s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 03:40

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/LuaBridge.dll
Size

56KB
MD5

ff60d18a83e7f2ad04a3c2260af6d4f3
SHA1

153f7d7b76592fc3323cf07101b3a8ab35c095b2
SHA256

9af7a3241ed090f7549bb6f7c4cb9d0c718eeeb9366dfe576cf29841483d60a1
SHA512

bbab72c4e6e60f0b0951c81d49827669627e3f32d03f978f5122db83298772eddd1e4046b73335f44683ee29bd68bc9da23fba2e14833e2357111857d842a694
SSDEEP

1536:yDcIngqGIubtZHu3VxJtBkS78HDx/QWyKMzn+:RIgqDVt8jx/QW1w+

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1936	3036	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 3036	3040	rundll32.exe	83
PID 3040 wrote to memory of 3036	3040	rundll32.exe	83
PID 3040 wrote to memory of 3036	3040	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LuaBridge.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LuaBridge.dll,#1
  2⤵
  PID:3036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 636
    3⤵
    - Program crash
    PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3036 -ip 3036
1⤵
PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads