b4b6f0ce548f5ec6207bf0f8350011f953ef5d4011ff288ef5e2e0376cc18ded | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-10-2024 08:38

Sharing

Report Analysis Logs

General

Target

Perm Spoofer/brotlidec.dll
Size

49KB
MD5

2eebbc5aeea0483bd23b37821df77021
SHA1

c1c81fa0e3ceb62950a61f4c2364fa3f68ae9709
SHA256

7d0deb00e9ef1fe068e357196d3398adcdf1b747df68bfaf043dde13be3be67b
SHA512

3ee60b7abe8a61971226f30529711e0600ce024198aacffa8536ab594bd014d26b22e0b6c9ac1f7e0c2feb94a3584a101c1548d7691214be0d652898ce87b305
SSDEEP

768:iRc1dGuGMH5uA7Y9QkEQ6DD2m29HvyZazQxARbYs30ZzY1:i6Hn5hM91EQ6vF29HKyGY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2160 wrote to memory of 2548	2160	rundll32.exe	WerFault.exe
PID 2160 wrote to memory of 2548	2160	rundll32.exe	WerFault.exe
PID 2160 wrote to memory of 2548	2160	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Perm Spoofer\brotlidec.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2160 -s 80
  2⤵
  PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads