447a641eed966b1b3c6b1661ea94de96488a4c72c8aabfed2b7cf5a0f6191193 | Triage

Analysis

max time kernel
132s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 11:54

Sharing

Report Analysis Logs

General

Target

BCP47Langs.dll
Size

292KB
MD5

ecb3a21d1d9fe1587eb8a962f26bf4d7
SHA1

a946c6931f9223e6252eeaffcdf26c98c82ccc61
SHA256

447a641eed966b1b3c6b1661ea94de96488a4c72c8aabfed2b7cf5a0f6191193
SHA512

8e37c45717f01b7e335007296437f2b47b245b0e2eeef69daca74c7927924ee800848d8931af96c867edb438982a8d519438ad0fda5324aedc1b82ba0b19946d
SSDEEP

6144:WO35NbAl1DJsf7URI4D3buGeqZuwMoi5C8EltjPULy05m:z35Ny12sI4DLuGe4ufoi5CkF5m

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4928	732	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 732	3108	rundll32.exe	84
PID 3108 wrote to memory of 732	3108	rundll32.exe	84
PID 3108 wrote to memory of 732	3108	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BCP47Langs.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\BCP47Langs.dll,#1
  2⤵
  PID:732
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 732 -s 600
    3⤵
    - Program crash
    PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 732 -ip 732
1⤵
PID:396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads