784b1348a30bfd0dc8bfc44b4db3d3922bd74afa5b71a90dfbd47201151b6309 | Triage

Analysis

max time kernel
1565s
max time network
1567s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:37

Sharing

Report Analysis Logs

General

Target

menu.dll
Size

1.0MB
MD5

10f226f349790e2fd3bdf7e65583ee56
SHA1

6c244b4c0246862a5d02a7b44d682b5b780e6e9c
SHA256

58483e3a56e0521437a7e5609e98593c6bae3e1f6ab9968639a723fabf93f936
SHA512

7ca27ce1047648bedc534477c8bc7370296d12c57c496f50dc09334b79186bb682a2f37bb168e74c9aae2e680855f8846e6edffb9d6e44ca682c80e61a25eaef
SSDEEP

12288:jxVwKFYoMwIjHl2jJivkeSzu5/IdmHkm5qswzSNTOoZfwOvyEZotZNVF:jxVMHpjHl2akyHLqjzbWfw4yCGF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1712 wrote to memory of 1916	1712	rundll32.exe	WerFault.exe
PID 1712 wrote to memory of 1916	1712	rundll32.exe	WerFault.exe
PID 1712 wrote to memory of 1916	1712	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\menu.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1712 -s 80
2⤵
PID:1916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads