4e5bf68a278441f5fd3ba19865b6ecc45563588226199b0cb8b54590885af239 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/07/2024, 18:14

Sharing

Report Analysis Logs

General

Target

UTransfer.dll
Size

108KB
MD5

2c7bec32230947e32089869d727e26ab
SHA1

59135e6362c18093dc1f773be0d4d1731c2a4872
SHA256

f3d75323a2ffdaf4c20cbc9d5bb2578b858448a2f45db99bb26fffc61c8bafc7
SHA512

41121e0bb66e3ae42a1cd023a4e094174d4091ba8cf3f0d92fd1d2a1512b8d975943d659669067cabef9ff72fcd6e4999b444af069ac0a06eb7157db9b49085e
SSDEEP

1536:TpCxybY0FS6MqS6WvgD9xj03TabrFvY5J6sCGtZaHEUfl:Tpo0k6ZWVTaif6sCGqHV

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
280	2468	WerFault.exe	30

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 2468 wrote to memory of 280	2468	rundll32.exe	31
PID 2468 wrote to memory of 280	2468	rundll32.exe	31
PID 2468 wrote to memory of 280	2468	rundll32.exe	31
PID 2468 wrote to memory of 280	2468	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UTransfer.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\UTransfer.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 244
    3⤵
    - Program crash
    PID:280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads