a103eb8651919aa766240be499a9d2fc836d656baaeecb6c830bf829ade3da34 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 13:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Json.dll
Size

288KB
MD5

66a0db193654f67d052f1cf0fb2b05da
SHA1

33405eceaa8100534486fda5a602dcb806c83fae
SHA256

a103eb8651919aa766240be499a9d2fc836d656baaeecb6c830bf829ade3da34
SHA512

433245cd589a56e3acd8e2b6a9ffa6fcf35a261a89ea1d64ad407a8cf785b921f338b2daa9caa1a4925a1a449e688a8c593582e627a3a0d5fcff1106b5b2786d
SSDEEP

6144:9Rzu4hamfhwjj/7BtE9srZOSsbeGnz9CGFBZqur8ylRZOf:9du4J5wndtYsrobnB8urZREf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2316	2460	rundll32.exe	28
PID 2460 wrote to memory of 2316	2460	rundll32.exe	28
PID 2460 wrote to memory of 2316	2460	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Json.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2460 -s 80
  2⤵
  PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads