4e5bf68a278441f5fd3ba19865b6ecc45563588226199b0cb8b54590885af239 | Triage

Analysis

max time kernel
94s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2024 18:14

Sharing

Report Analysis Logs

General

Target

UTransfer.dll
Size

108KB
MD5

2c7bec32230947e32089869d727e26ab
SHA1

59135e6362c18093dc1f773be0d4d1731c2a4872
SHA256

f3d75323a2ffdaf4c20cbc9d5bb2578b858448a2f45db99bb26fffc61c8bafc7
SHA512

41121e0bb66e3ae42a1cd023a4e094174d4091ba8cf3f0d92fd1d2a1512b8d975943d659669067cabef9ff72fcd6e4999b444af069ac0a06eb7157db9b49085e
SSDEEP

1536:TpCxybY0FS6MqS6WvgD9xj03TabrFvY5J6sCGtZaHEUfl:Tpo0k6ZWVTaif6sCGqHV

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
4620	1140	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 804 wrote to memory of 1140	804	rundll32.exe	84
PID 804 wrote to memory of 1140	804	rundll32.exe	84
PID 804 wrote to memory of 1140	804	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UTransfer.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\UTransfer.dll,#1
  2⤵
  PID:1140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 616
    3⤵
    - Program crash
    PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1140 -ip 1140
1⤵
PID:3728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads