ae2609c47cd76999818286dedf91ca6f5ce1c14dd6e83713691f674309ec6725 | Triage

Analysis

max time kernel
146s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
12-07-2024 22:57

Sharing

Report Analysis Logs

General

Target

lua51.dll
Size

389KB
MD5

fb2b8675cf63baddf4430bf7f53ff218
SHA1

502b193ec72eb71192f6b783cffe9b6eb8bc944a
SHA256

16c4d10cb496578b0ca63c0c30e1e346cf3f879326768889386c058760f9a39e
SHA512

41a1183a87b6879add36de49cc876e07dcc365289ebc4359ca836bc9376fef10bedde7e2c878be238315296d20780c06e7305d913757b6879e86051439348892
SSDEEP

12288:siZ+ox9piQ8G27pC6Yyu5t60O0MJuAghAuNwABU:se19pm7pCuCt6+w

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2592 3036 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1508 wrote to memory of 3036	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 3036	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 3036	1508	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1508

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
2⤵
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 452
3⤵
- Program crash
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3036 -ip 3036
1⤵
PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads