5695946b93090d80d700e7cd3df5205befdf85701b3cedf7d547b2dcc322be38 | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 16:13

Sharing

Report Analysis Logs

General

Target

us.nvngx.dll
Size

71KB
MD5

7208704dc04fbb77f9aa8e0d1801a13b
SHA1

339df020b87e7d33c2c5e3b3a680b267fc19e07a
SHA256

5695946b93090d80d700e7cd3df5205befdf85701b3cedf7d547b2dcc322be38
SHA512

f6b67d2f36f779bb39e1893275909eeed92a886ca8c5ee041a7dc01d5ce951820cb33d8a6172576b855ceac581332725c581cc12d49f6081acd6812f70871a3d
SSDEEP

1536:lGv8NnWUqz+mA6Q54z02sH5U9wLRJ1fKKVVQreGB/NO:lGrU/6Q5iTmfNKV/N

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 3004	2984	rundll32.exe	28
PID 2984 wrote to memory of 3004	2984	rundll32.exe	28
PID 2984 wrote to memory of 3004	2984	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\us.nvngx.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2984 -s 84
  2⤵
  PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads