68ee76d5d16b0e75d3b3e4421a86a948300e3bc1748c504a9a277794b18c3ea9 | Triage

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 21:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/StdUtils.dll
Size

97KB
MD5

e6e1b2fa0f634b3a92cd798d7e1d1fcb
SHA1

f7e85f5117cfd4441f64601445b1e6976573e8a2
SHA256

9736e0e0d56e312b3f04f3e4e3af47b3968b92e221084eba35982c4de63c93d0
SHA512

ed7a69f0c6468b23eed478937fc79b9cfdc409d0f2c4c72592bf4e6637f013b14527cf166606ab787014fc2d45789d614f8b7a700af73f3483dc0b979dcf591b
SSDEEP

3072:Yy+DEk8SISx7hRHMnMg7FWdD7SwUkcuJN4DuAeN9I+rga:l+XM8p

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2520	2640	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 2640	3088	rundll32.exe	83
PID 3088 wrote to memory of 2640	3088	rundll32.exe	83
PID 3088 wrote to memory of 2640	3088	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
  2⤵
  PID:2640
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 612
    3⤵
    - Program crash
    PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2640 -ip 2640
1⤵
PID:4836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads