80e7ace75ef379afb6d957688242c1d442adc4daeadaffe132b9137ceda00780 | Triage

Analysis

max time kernel
146s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 21:34

Sharing

Report Analysis Logs

General

Target

MyLink/MyLink.dll
Size

404KB
MD5

8a64a5a185ba4c5a40640467dc839f68
SHA1

47c3c088a3d2b31330a26b38956787982082bd73
SHA256

29645650fa2050b364405e787b94fb24d943558eb5eebf3a15c5f336c19f4c70
SHA512

188e492a8fc1a608e5bc321100c3fc5fe4ab60df7f68f71f5b5438996e4aeabb833033abff8e9523aa12e0cdc2d05ee122f9fb65922ddd2e13454ed4413738a4
SSDEEP

12288:tWAQoGCxqeu/JmO1Hg6nVfLoD83LlSC1Gdw:t9QoGIqRVgg1j3Jp

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3916 1592 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2932 wrote to memory of 1592	2932	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 1592	2932	rundll32.exe	rundll32.exe
PID 2932 wrote to memory of 1592	2932	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MyLink\MyLink.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MyLink\MyLink.dll,#1
2⤵
PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 600
3⤵
- Program crash
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1592 -ip 1592
1⤵
PID:3552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...