31f291dd361316edaa00aa71563ea77a098782c8f37805e61a28b0b159785172 | Triage

Analysis

max time kernel
93s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 16:34

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/nsRandom.dll
Size

21KB
MD5

ab467b8dfaa660a0f0e5b26e28af5735
SHA1

596abd2c31eaff3479edf2069db1c155b59ce74d
SHA256

db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
SHA512

7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
SSDEEP

384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral14/memory/8-0-0x0000000001F90000-0x0000000001FA2000-memory.dmp	upx
behavioral14/memory/8-2-0x0000000001F90000-0x0000000001FA2000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1116	8	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 8	212	rundll32.exe	81
PID 212 wrote to memory of 8	212	rundll32.exe	81
PID 212 wrote to memory of 8	212	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsRandom.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsRandom.dll,#1
  2⤵
  PID:8
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 8 -s 620
    3⤵
    - Program crash
    PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 8 -ip 8
1⤵
PID:5020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/8-0-0x0000000001F90000-0x0000000001FA2000-memory.dmp

Filesize
72KB

Download
memory/8-2-0x0000000001F90000-0x0000000001FA2000-memory.dmp

Filesize
72KB

Download