5d03aa31e99aec7138033b75ccac3012336305861abfca05d5a55e9d78476879 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 06:13

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/nsExec.dll
Size

6KB
MD5

143e45d5929ba564ba0c3a0773be76e6
SHA1

c7e108ad681dd19afc646a43f7ce757388653f57
SHA256

8459feb67b7eb0caaaed607e0f36c8d4979abf1bad87e7f1c7c2b97c73174d6d
SHA512

1114403b9af202396ffe32610e1160313ff22c488f87b4a8f771d14fda02a954af7beacad5655143dafdf0af9a76b2a0d5c121ef57819e0567c367578482f003
SSDEEP

96:T7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN238:0N8KgWAuLWxD8ZAGgmkN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2724 2172 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2452 wrote to memory of 2172	2452	rundll32.exe	rundll32.exe
PID 2452 wrote to memory of 2172	2452	rundll32.exe	rundll32.exe
PID 2452 wrote to memory of 2172	2452	rundll32.exe	rundll32.exe
PID 2452 wrote to memory of 2172	2452	rundll32.exe	rundll32.exe
PID 2452 wrote to memory of 2172	2452	rundll32.exe	rundll32.exe
PID 2452 wrote to memory of 2172	2452	rundll32.exe	rundll32.exe
PID 2452 wrote to memory of 2172	2452	rundll32.exe	rundll32.exe
PID 2172 wrote to memory of 2724	2172	rundll32.exe	WerFault.exe
PID 2172 wrote to memory of 2724	2172	rundll32.exe	WerFault.exe
PID 2172 wrote to memory of 2724	2172	rundll32.exe	WerFault.exe
PID 2172 wrote to memory of 2724	2172	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2452

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 224
3⤵
- Program crash
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads