3a8a7f8b1268cc6cf7bf7b97a2126cad2f3fa13516ebbf89936c2d146328f94a | Triage

Analysis

max time kernel
135s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 11:53

Sharing

Report Analysis Logs

General

Target

rc7/SciLexer.dll
Size

70KB
MD5

d0aed298460a16c1b587875d411b0b4a
SHA1

f542c3c3bd06c27c70c469bcced845863b10114d
SHA256

e4e19790be03a782497d9ca11f74010b6a016127de984c7cb67a9ac2d04bdfb6
SHA512

d73bbbe77b3caf43696c1685fc89c4d0ac2f0d6e11e6d0161943a2116073cd510f5349c369e51b748ce32c07047a0308960073e5d368acc882a7397398260c92
SSDEEP

1536:pWAlQqfkspI8SZ/b61s0onHsgQXKZsW9QrcdKNZhn6YGxHu:pWypI8w/b6OpMgaKpQ6Kjhn6lO

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3016	1996	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 1996	4488	rundll32.exe	84
PID 4488 wrote to memory of 1996	4488	rundll32.exe	84
PID 4488 wrote to memory of 1996	4488	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\rc7\SciLexer.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\rc7\SciLexer.dll,#1
  2⤵
  PID:1996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 600
    3⤵
    - Program crash
    PID:3016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1996 -ip 1996
1⤵
PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads