90df2363e983a8cc5fba9ddb989ded5897b5e1ba9bd4acc34e4b737a38fbf3c1 | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d3d11on12.dll
Size

453KB
MD5

ce6bd4a5b98168ace49be486f7bacab6
SHA1

572dc8ad78e9042043af2147114f021a7388f5a7
SHA256

90df2363e983a8cc5fba9ddb989ded5897b5e1ba9bd4acc34e4b737a38fbf3c1
SHA512

8ab61c1aa9d4e0c509562800c97e7f8e2d919675dffe4b5505e0b9d7286f6202ee548ac1eff35c37e61728cd527aed9735282499dbc8515dc2bd8ddb77773f1c
SSDEEP

12288:PR6Q0/hrBgdSu6xe/qoPh48XBup7gTaPcf:PR6zhrBOUxKPhlBCgTa

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3076	3088	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 3088	2572	rundll32.exe	82
PID 2572 wrote to memory of 3088	2572	rundll32.exe	82
PID 2572 wrote to memory of 3088	2572	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3d11on12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3d11on12.dll,#1
  2⤵
  PID:3088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 628
    3⤵
    - Program crash
    PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3088 -ip 3088
1⤵
PID:5116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads