152ed75bb4b87c3830c6b353a2bf84cb6a4ea1ff9450207a7ccf07d0e1c633da | Triage

Analysis

max time kernel
211s
max time network
300s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13/07/2024, 17:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/R2RIKM2.dll
Size

6KB
MD5

5ab745c63015a8f7ad2e352f3e27ffa6
SHA1

451f220317dcd0e1693d0c2c53bf504ba5021393
SHA256

f0daf110506df054c349be136157fca6b534bc36b6029fbd112ce9fea5772bce
SHA512

604959c4521a79adcd217e3a97ae480bfdccdfec05e77342b3ecf092606188ef0268c247739af1030dcd4358b7a6a6a4dfa4f689a773b4a049d18c3d6c40a531
SSDEEP

96:kLEVBzMjDWUymEi2A4PT88aU7a/9aDHJnHI3CWuhlvC5/iBwD35:PhyatiIT8/U7WaJHIKhlvC5/+o5

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4432	3348	WerFault.exe	75

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 3348	4400	rundll32.exe	75
PID 4400 wrote to memory of 3348	4400	rundll32.exe	75
PID 4400 wrote to memory of 3348	4400	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\R2RIKM2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\R2RIKM2.dll,#1
  2⤵
  PID:3348
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 612
    3⤵
    - Program crash
    PID:4432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads