edeeac910c6b509f77af7d15b486554a4e0163e17f8996547cdfcb573b88f2ec | Triage

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 11:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

AdbWinUsbApi.dll
Size

65KB
MD5

e489a973fc775dc810add6f46081ffd7
SHA1

7fc29f24e3a2f8309256a675808d4bed04598b45
SHA256

57d8fe338a6d4c00bec70236c1f9638ceaa4c690fddc2c2f8366eb770703b9bd
SHA512

cd756a1b62b03d0f6f429561b9aff252ceada30c611a193ca641fb4b182155fb3de89d0c292317a6a0b32443f26f1e16ebb6bd2898e6beaab743668eac857cc7
SSDEEP

768:dLNk0yiFYWkgALpW+QvSugX0wUepQNXTQXdF+Q+An70edrqqOkIWrEJ:syY8wugEwOVEXdz70e4gIb

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
788	3848	WerFault.exe	91

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 3848	4136	rundll32.exe	91
PID 4136 wrote to memory of 3848	4136	rundll32.exe	91
PID 4136 wrote to memory of 3848	4136	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AdbWinUsbApi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AdbWinUsbApi.dll,#1
  2⤵
  PID:3848
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 616
    3⤵
    - Program crash
    PID:788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3848 -ip 3848
1⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads