4447425f0a7e2ec8aa7f5bb5c2716b686ad704762ea9bb6f2f6707f1ae4399e8 | Triage

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 19:02

Sharing

Report Analysis Logs

General

Target

tak_deco_lib.dll
Size

315KB
MD5

cb9517a9c0147410a7a02d2cfe1c51ed
SHA1

5a7d26da73da11955551c898ab6e084aa048c443
SHA256

9d10701eed63382a46b2bc352feb7394759bf02c44a2bc67d7bf4d4d3393fb52
SHA512

e67c77866a86efbdd3eb2f4ac870fe1bb1387b0012d280ac3dfc76248f4d6b6843ee341346ff56056c7f08fea52b6e66d412126494236e47c355ed50f3331f30
SSDEEP

3072:FWxbAJvRdg6UwambkfOhOmesG+4ny2lV0+Z74:mYjm2IfmRHAyQVrZ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2364	2644	rundll32.exe	30
PID 2644 wrote to memory of 2364	2644	rundll32.exe	30
PID 2644 wrote to memory of 2364	2644	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tak_deco_lib.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2644 -s 132
  2⤵
  PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2644-0-0x0000000001D60000-0x0000000001DBE000-memory.dmp

Filesize
376KB

Download
memory/2644-1-0x0000000001D60000-0x0000000001DBE000-memory.dmp

Filesize
376KB

Download