614faf1817d22b4e6922cdd6280bc972bc5e8b166116d46b45a2fbb08acb199b | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 05:27

Sharing

Report Analysis Logs

General

Target

iiscors.dll
Size

152KB
MD5

89e374da26dc274f118c9e5b68f32e7b
SHA1

ae32e590beecbe2d87dc29c9808a3ac2a02d655a
SHA256

614faf1817d22b4e6922cdd6280bc972bc5e8b166116d46b45a2fbb08acb199b
SHA512

7ee4b3e0a80c90385b465f1b9c005cd6e8475ed2efa202d6f16e3c104aa507bc4774ff7498f25d5b69cfb16678bf2d85b71f8d8cde4312b361ecf47bfc15dcd2
SSDEEP

3072:jmp3UxxQ1eRVeO7bQt1h2oP0zjxlWltx99bOaPtv8U0Yr8u6:jfxceRVeO7bQtz2c0zNlWjTsi87

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2208	2024	rundll32.exe	28
PID 2024 wrote to memory of 2208	2024	rundll32.exe	28
PID 2024 wrote to memory of 2208	2024	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\iiscors.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2024 -s 112
  2⤵
  PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads