b66a06b7bd494c13b470ffbfa86d271856708a6d93a7117b725001e6e6aef08d | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 12:56

Sharing

Report Analysis Logs

General

Target

sirrah.dll
Size

52KB
MD5

e07ca0e84fc1eeedeccc2dec1e123128
SHA1

36731fd829ced121434e80ae92f62c169d949db3
SHA256

659d9bf3fbe53372fa97394cc67eb6904c9339a44d0c56a53d5ca1c4dda0c842
SHA512

bdf232c7b5784c38d7a0feeb103459cf6534eb6ce63e158efeb269452785219c3051f736ffa53ed20306f1cfa1ac3af6b4a09c8392f3126517d0c0f291772f10
SSDEEP

768:kH1nb/WcYwIsw+5ztCjW4UxugTY99imgVt3XJ:kH1nTWc0sw+FtCCVugs+1tnJ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1704	1260	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 1260	1924	rundll32.exe	28
PID 1924 wrote to memory of 1260	1924	rundll32.exe	28
PID 1924 wrote to memory of 1260	1924	rundll32.exe	28
PID 1924 wrote to memory of 1260	1924	rundll32.exe	28
PID 1924 wrote to memory of 1260	1924	rundll32.exe	28
PID 1924 wrote to memory of 1260	1924	rundll32.exe	28
PID 1924 wrote to memory of 1260	1924	rundll32.exe	28
PID 1260 wrote to memory of 1704	1260	rundll32.exe	29
PID 1260 wrote to memory of 1704	1260	rundll32.exe	29
PID 1260 wrote to memory of 1704	1260	rundll32.exe	29
PID 1260 wrote to memory of 1704	1260	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sirrah.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\sirrah.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 224
    3⤵
    - Program crash
    PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads