50218cd76716ccb1250f1a491cf26c883fdd18cd78b68c385649d3bbcf8c5cb9 | Triage

Analysis

max time kernel
4s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 03:31

Sharing

Report Analysis Logs

General

Target

lib/libwebpdemux.dll
Size

20KB
MD5

5b8efab17a11e0f1ea345f5d877a79cd
SHA1

354fecf44bf99f383241efce51896913f6e01d14
SHA256

a5d8a57a4745b085e36d4e99aa3ce963cf6e326628d86e7447c9c254dd66751a
SHA512

9d8b07a31e2b150876b9c52d4a80b8be41f11514aabaa9f37405c25c27b3edbaf3a46160b86b92a1bcdfea41670c7162d2dc65d1e47a4cd233601f733a6a540c
SSDEEP

384:eEWuYlZGFLptnr6Tapxiqav5vUE04MEcqn6SWvwnbN:+flZuHr62R60tEc3SWIJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 2172	1168	rundll32.exe	29
PID 1168 wrote to memory of 2172	1168	rundll32.exe	29
PID 1168 wrote to memory of 2172	1168	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lib\libwebpdemux.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1168 -s 84
  2⤵
  PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads