109e28e1841956878110d3eec893a910c898eff0e7e1491518ee249a2dcf0d52 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26-08-2024 09:24

Sharing

Report Analysis Logs

General

Target

WebView2Loader.dll
Size

154KB
MD5

577f05cd683ed0577f6c970ea57129e0
SHA1

aedf54a8976f0f8ff5588447c344595e3c468925
SHA256

7127f20daa0a0a74e120ab7423dd1b30c45908f8ee929f0c6cd2312b41c5bddf
SHA512

2d1aea243938a6a1289cf4efcd541f28ab370a85ef05ed27b7b6d81ce43cea671e06a0959994807923b1dfec3b382ee95bd6f9489b74bba59239601756082047
SSDEEP

3072:R8AhKsY0iHlDhvlUQN2gWNZ6hVThFEtqQbucPqAJwU:usY0+lNv6E2JYEtzbuuV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\WebView2Loader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2532 -s 80
  2⤵
  PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads