9e442b0e55f32011a9a2ceca31260b18edde487f49c9fc569e1ee0c8d188cd33 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 15:19

Sharing

Report Analysis Logs

General

Target

ext.dll
Size

596KB
MD5

6d3b5e41e546279c2d8b2db0e0e50948
SHA1

bb24b59de8db62ba55fbc789883429708c8abe3a
SHA256

9e442b0e55f32011a9a2ceca31260b18edde487f49c9fc569e1ee0c8d188cd33
SHA512

4a968a56d3328909e82b0a4564c7f51d12c5f5c91fdbe61863689180b9150d509636470fe8fc5fcff3d3e49f970921c57d1d4b6cd1dadad80b648a3219d62e94
SSDEEP

6144:Y0KYKHO1eBYgpXfrgcn5SZeQPTLojsZdx77j95wJK5iULZIbVgsohZd67pB:Y0Kr4upvrgcn5SrBZdVjPriUaJto3a7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2864	2840	rundll32.exe	30
PID 2840 wrote to memory of 2864	2840	rundll32.exe	30
PID 2840 wrote to memory of 2864	2840	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ext.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2840 -s 140
  2⤵
  PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads