752[.]csrss[.]exe[.]0x7ff69c810000[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

752.csrss.exe.0x7ff69c810000.dmp
Size

28KB
MD5

53803724e5f75b3c122212b72d7e8d5d
SHA1

124af52eb79197e4d309f2efd16751036e784368
SHA256

2b7bae0dea0cf21e93112220a2e1476bd48317f1d81bbcd005195a31deed3fb4
SHA512

c9880cca2a96aff8ccce6e98887d553113314c3bd68e525a5328778dfd3316b5ead3a8aae6793581ed9543b377bda00ea122172aeb2d0a83467c69751468df74
SSDEEP

96:V9eXn0xDXbQuCdVuXjDJvmM/HTEW58nWw:HQneXCmVmnW58nW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
752.csrss.exe.0x7ff69c810000.dmp

Files

752.csrss.exe.0x7ff69c810000.dmp
.sys windows:10 windows x64 arch:x64

a96fa9912e09e361274ad77f1a4b252c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

csrss.pdb

Imports

ntdll

NtSetInformationProcess
RtlSetHeapInformation
NtTerminateProcess
RtlSetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlUnicodeStringToAnsiString
NtTerminateThread
RtlCaptureContext
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
isspace

csrsrv

CsrUnhandledExceptionFilter
CsrServerInitialization

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ