3cf39bd49ac009b528c2788bc433a8e1f2860400bba9cc39022308c8f8f5ead9 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 12:44

Sharing

Report Analysis Logs

General

Target

SHCore.dll
Size

465KB
MD5

fca4d9d06c44ba66878dd01d132cd816
SHA1

0d0d8a0e5717ad5c32b557ed0ebc0f237bc9e1b8
SHA256

3cf39bd49ac009b528c2788bc433a8e1f2860400bba9cc39022308c8f8f5ead9
SHA512

ff57c3263845aa116519a2690f8dc68a6198ab7ed3118fbcfb87fa8fb46c3626ba0c2c3a17ff091250dccb80d259efc49eb68adb82944a9d470ffea50490c990
SSDEEP

6144:J4xHLkZfUDBWCAbSprq60XXsGvRBn9Er4FQTv+ewXLISMLY2qWvzrDIJ:9Z0BLAbSQXXs0Er4FQTv+hIS12FvzW

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1640	2004	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 2004	4664	rundll32.exe	82
PID 4664 wrote to memory of 2004	4664	rundll32.exe	82
PID 4664 wrote to memory of 2004	4664	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SHCore.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SHCore.dll,#1
  2⤵
  PID:2004
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 604
    3⤵
    - Program crash
    PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2004 -ip 2004
1⤵
PID:1572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads