0849989e8709c10c7fe4c5e5ad3b67263b2686d5c09c40c8ee1e47cdd8c79fca | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 23:53

Sharing

Report Analysis Logs

General

Target

pdfium.dll
Size

13.0MB
MD5

79c950394d3b6fc5ea93fbee2e70de2f
SHA1

16b229f1f6755c814adaa1ab9352fc9e98f996d2
SHA256

8d301086740272454c6a92e3c98426617fa4ed11114989f06913c2127a4a23e2
SHA512

7e1952d022ea6f99a1b9e74c0fa1f7ade73276d4e809ab81827174fe80762b90fc900b64e952fad71a47ff58570a0174a1cf0989c9d319d96a0864cc63bee424
SSDEEP

393216:zrn43oIXzWXQUgjVDj4RH9tXSZsg8dfeqrJ:zrn43oIXzWXoY0ZsTdf5

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1708	940	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 940	2248	rundll32.exe	28
PID 2248 wrote to memory of 940	2248	rundll32.exe	28
PID 2248 wrote to memory of 940	2248	rundll32.exe	28
PID 2248 wrote to memory of 940	2248	rundll32.exe	28
PID 2248 wrote to memory of 940	2248	rundll32.exe	28
PID 2248 wrote to memory of 940	2248	rundll32.exe	28
PID 2248 wrote to memory of 940	2248	rundll32.exe	28
PID 940 wrote to memory of 1708	940	rundll32.exe	29
PID 940 wrote to memory of 1708	940	rundll32.exe	29
PID 940 wrote to memory of 1708	940	rundll32.exe	29
PID 940 wrote to memory of 1708	940	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pdfium.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\pdfium.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 228
    3⤵
    - Program crash
    PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads