7882e839fc528d5a8d81f85c12abde672e99e8fcb2fb3a1c9d5956a605aebdb7 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 01:39

Sharing

Report Analysis Logs

General

Target

360compro.dll
Size

577KB
MD5

0fa9009a51300dada01e5465aecf9119
SHA1

c093f075bb8f049657c48564469c937c32536117
SHA256

8d52d86b72a29e51a60bc8a586886a7737ce39a5b35d57cfa47b4619dfdb8883
SHA512

655f3e73b9273b897b53e627eb3d4400607d2a7d431e931fe76e225f29abf3b6fe9fac6c0384f7ffe1b3108d947b6d0c2a8ad15fb68aba71e42c9707c682cdce
SSDEEP

12288:9L8Qhz95SGOwzTcFyp1SGpP/Sz0oqwxKJsodLZ6Y1WevvpBNc:zSGOwzTc8RP/zJs2LZ6Y1Jvq

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2468	1056	WerFault.exe	29

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1056	956	rundll32.exe	29
PID 956 wrote to memory of 1056	956	rundll32.exe	29
PID 956 wrote to memory of 1056	956	rundll32.exe	29
PID 956 wrote to memory of 1056	956	rundll32.exe	29
PID 956 wrote to memory of 1056	956	rundll32.exe	29
PID 956 wrote to memory of 1056	956	rundll32.exe	29
PID 956 wrote to memory of 1056	956	rundll32.exe	29
PID 1056 wrote to memory of 2468	1056	rundll32.exe	30
PID 1056 wrote to memory of 2468	1056	rundll32.exe	30
PID 1056 wrote to memory of 2468	1056	rundll32.exe	30
PID 1056 wrote to memory of 2468	1056	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\360compro.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\360compro.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 288
    3⤵
    - Program crash
    PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads