f032af2d2f26cad5b8e05f6f79a79a5234584e6a0d6534f2b9f198a895974538 | Triage

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 22:47

Sharing

Report Analysis Logs

General

Target

sixinternal/libstdc++-6.dll
Size

2.2MB
MD5

2e9c9622aa6c1375702661503c341352
SHA1

7931c3c4019befdce5b6521a5018586a4609e2a6
SHA256

7a7bb12c47d9a6068262298726f043035dfbd789c8f52b51ccb92b7a5dab69d7
SHA512

31efc00f44f4e525e66ef9eb5ab50a5e06e04df15d88d08e3316c1b7428030dfa8c693c6273a30c2adb31364bd9470d63a4ba24d4a8264d6fe0ff7ac6f88b91f
SSDEEP

49152:tlvPBqOVB/3lox7ouSGtgG2ulkcH6D2OYiLRXXB4M/UH:TvZqcox7ouSGt2eO7Rh4M/UH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2420	1344	rundll32.exe	30
PID 1344 wrote to memory of 2420	1344	rundll32.exe	30
PID 1344 wrote to memory of 2420	1344	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sixinternal\libstdc++-6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1344 -s 88
  2⤵
  PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1344-2-0x000007FEFB010000-0x000007FEFB030000-memory.dmp

Filesize
128KB

Download
memory/1344-1-0x000007FEF70F0000-0x000007FEF7195000-memory.dmp

Filesize
660KB

Download
memory/1344-0-0x000007FEF64B0000-0x000007FEF66E9000-memory.dmp

Filesize
2.2MB

Download