122c70db61a16eb2eb0a4aa148b6b18201413dc8d7c7fed8637c09119d1fba28 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:52

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/enjrqjq.dll
Size

166KB
MD5

ce2f5ffc71b5a35226f07eb682ba5dd3
SHA1

dfa1509cccf6e9888b303390280de472133f7624
SHA256

64f78a164b05e72224bcc0335e85aa7761fdaa88e13152318b12540218b0c57a
SHA512

e81fd262d1650b97f340311740e26d00d07c73704341701e3a306411a2eb490c534925e540660101c789d4c06cb21f18fe8763e244884ec0f2b3e5b7e9f199c0
SSDEEP

3072:Gx/uQ61kgMqaVJ/GnurFsNMrdSfj2+TU9slaLC:G/uQ6CgwOur3dS72Ve

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3068 2276 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2908 wrote to memory of 2276	2908	rundll32.exe	rundll32.exe
PID 2908 wrote to memory of 2276	2908	rundll32.exe	rundll32.exe
PID 2908 wrote to memory of 2276	2908	rundll32.exe	rundll32.exe
PID 2908 wrote to memory of 2276	2908	rundll32.exe	rundll32.exe
PID 2908 wrote to memory of 2276	2908	rundll32.exe	rundll32.exe
PID 2908 wrote to memory of 2276	2908	rundll32.exe	rundll32.exe
PID 2908 wrote to memory of 2276	2908	rundll32.exe	rundll32.exe
PID 2276 wrote to memory of 3068	2276	rundll32.exe	WerFault.exe
PID 2276 wrote to memory of 3068	2276	rundll32.exe	WerFault.exe
PID 2276 wrote to memory of 3068	2276	rundll32.exe	WerFault.exe
PID 2276 wrote to memory of 3068	2276	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\enjrqjq.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2908

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\enjrqjq.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 220
3⤵
- Program crash
PID:3068

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...