c3706d4f86ac7157e76382c255c0aa84dbae391282113f48791a9ae3d0502c20 | Triage

Analysis

max time kernel
135s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 05:48

Sharing

Report Analysis Logs

General

Target

AcSpecfc.dll
Size

451KB
MD5

e9ea1fd3fe480dceb9e35e95032aeef1
SHA1

9ada899144715427902a3d54bc5d870d932f6127
SHA256

c3706d4f86ac7157e76382c255c0aa84dbae391282113f48791a9ae3d0502c20
SHA512

7fdd91af46ee4983e21e5ac055a089d11b9309b323c60bea196378b1a76e56807d26759a78190c793050b7dd3b95de53c0778cc2d1a4530820415c3fd59d9aad
SSDEEP

6144:UmNgm0GiYRJCzk60h2rc3WPiLH92eFWHgg0uLUrEaJ+XBa0gTXqOxQdyKW+mu:2siwKcCiLd1WHggBAgaJrTHu

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4556	2380	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 2380	1272	rundll32.exe	86
PID 1272 wrote to memory of 2380	1272	rundll32.exe	86
PID 1272 wrote to memory of 2380	1272	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AcSpecfc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AcSpecfc.dll,#1
  2⤵
  PID:2380
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 716
    3⤵
    - Program crash
    PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2380 -ip 2380
1⤵
PID:3132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads