dea3dcae56acabada707a1c3ee0422fefa1f280aa3ca2c28c52714e16db060d2 | Triage

Resubmissions

09/06/2024, 02:15

240609-cpq8fsca8w 7

09/06/2024, 02:14

240609-cn9cmscg37 3

Analysis

max time kernel
32s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 02:15

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/nsDialogs.dll
Size

11KB
MD5

79a0bde19e949a8d90df271ca6e79cd2
SHA1

946ad18a59c57a11356dd9841bec29903247bb98
SHA256

8353f495064aaf30b32b02f5d935c21f86758f5a99d8ee5e8bf8077b907fad90
SHA512

2a65a48f5dd453723146babca8d047e112ab023a589c57fcf5441962f2846a262c2ad25a2985dba4f2246cdc21d973cbf5e426d4b75dd49a083635400f908a3e
SSDEEP

192:rAki5P7AA9Xm2Y3KkdMG95Kt0qk+PdIgb9rdTiUdH7hs:Ekg7TNm2GdMG9ISx+P99rd+aH9

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2936	1128	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 1128	3652	rundll32.exe	81
PID 3652 wrote to memory of 1128	3652	rundll32.exe	81
PID 3652 wrote to memory of 1128	3652	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
  2⤵
  PID:1128
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 636
    3⤵
    - Program crash
    PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 1128 -ip 1128
1⤵
PID:4044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1128-0-0x000000006EB40000-0x000000006EB4A000-memory.dmp

Filesize
40KB

Download