152ed75bb4b87c3830c6b353a2bf84cb6a4ea1ff9450207a7ccf07d0e1c633da | Triage

Analysis

max time kernel
189s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 17:35

Sharing

Report Analysis Logs

General

Target

$TEMP/R2RIKM2.dll
Size

6KB
MD5

5ab745c63015a8f7ad2e352f3e27ffa6
SHA1

451f220317dcd0e1693d0c2c53bf504ba5021393
SHA256

f0daf110506df054c349be136157fca6b534bc36b6029fbd112ce9fea5772bce
SHA512

604959c4521a79adcd217e3a97ae480bfdccdfec05e77342b3ecf092606188ef0268c247739af1030dcd4358b7a6a6a4dfa4f689a773b4a049d18c3d6c40a531
SSDEEP

96:kLEVBzMjDWUymEi2A4PT88aU7a/9aDHJnHI3CWuhlvC5/iBwD35:PhyatiIT8/U7WaJHIKhlvC5/+o5

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4352	2256	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2256	1076	rundll32.exe	82
PID 1076 wrote to memory of 2256	1076	rundll32.exe	82
PID 1076 wrote to memory of 2256	1076	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\R2RIKM2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\R2RIKM2.dll,#1
  2⤵
  PID:2256
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 612
    3⤵
    - Program crash
    PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2256 -ip 2256
1⤵
PID:3736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads