d8c487f3e4ddb438ffcea9ced6bd394c634562777e5d7d3f379887147023fbd7 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 12:55

Sharing

Report Analysis Logs

General

Target

url_launcher_windows_plugin.dll
Size

315KB
MD5

bfec2012b6589d4496ea0283e90a5269
SHA1

813e3fad5cfe4a30e20f05080d106811c5544fa3
SHA256

f9406ecaa9c86f2946f8b9d997f0210f1f5ee974be6548d1db039014d1b45552
SHA512

396f28eb15ed793db453cd3b3e9118f4386fe24a75e3f3914e881cca3ada8918b98751bdac51c4a5e897cca1e700b2a545686463a6b0dd6719ea172682cfb928
SSDEEP

6144:aK/qrBUA8kikYQQ2sXvNnot1bdNtb1lHSdrkjoE:a8qC5kikpQX1ny1bdv1lHSdYjoE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2076	2384	rundll32.exe	30
PID 2384 wrote to memory of 2076	2384	rundll32.exe	30
PID 2384 wrote to memory of 2076	2384	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\url_launcher_windows_plugin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2384 -s 224
  2⤵
  PID:2076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads