df74181b5043f10c6a0b756bec1ae6a5ee92cab5380bf4d0f420ffd7bdbecb86 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:39

Sharing

Report Analysis Logs

General

Target

icudt55.dll
Size

25.1MB
MD5

5ba2ba4c4df2ca24dec0d37d74d319c3
SHA1

2959ee5743ec611161bb126201cfb3e9930a84a3
SHA256

2cbafcc04dde73b3f9d00ae91c8bc2bc3d2eb47e376bfc76a1077a762b50feb7
SHA512

f4e297ad39fa8f4434f07870982b5fbd4ddd0ad1e0b76d38bb78d45ab68b60b5df0b4f97cddc03e3ac35bed96115ffb43ed43e6c992bdbbacd383e59f160b75e
SSDEEP

393216:tlPHUoGGwqlFFkUhpXAbdSVyIjAeUl2wVbxkvwgH9ve22TDsakzYu8qtnIZ:LFGr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2432 wrote to memory of 2920	2432	rundll32.exe	28
PID 2432 wrote to memory of 2920	2432	rundll32.exe	28
PID 2432 wrote to memory of 2920	2432	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\icudt55.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2432 -s 80
  2⤵
  PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads