c064d143b9b6cb04507782553b30503a2544f0c96c719e7546a34cfe32276308 | Triage

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2024 19:39

Sharing

Report Analysis Logs

General

Target

lua51.dll
Size

389KB
MD5

1f1054cb17fb954ee3ca4886270b79a9
SHA1

4ed5acaa9f29e8792413d7b23c4b5eeed236dd56
SHA256

0e2217ca8ef699c2a756d52c79afcb9661f5f6ee9cef6e43ceb525d366a32ce9
SHA512

556e6e4d2b89ff6369669ddffc6efce42b4e231522a5f4921544d28ca965eebeb0b431a0a6e907185faa34c9de1aa98ff746cdf2e7ef0b133b7b3a74e97bccb8
SSDEEP

12288:qiZ+ox9piQ8G27pC6Yyu5t60O0MJuAghAuNwABG:qe19pm7pCuCt6+w

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2852	2784	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 2784	760	rundll32.exe	81
PID 760 wrote to memory of 2784	760	rundll32.exe	81
PID 760 wrote to memory of 2784	760	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
  2⤵
  PID:2784
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 608
    3⤵
    - Program crash
    PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2784 -ip 2784
1⤵
PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads