499ce7e26fd7b500c1e05570bc2266053862c18c5b37c2f72f5ad99a2e32149a | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 09:23

Sharing

Report Analysis Logs

General

Target

concrt140.dll
Size

301KB
MD5

4bf3b66f4387bfa79b202b6977200231
SHA1

564a14d5a15e5711db1df3302b78d293ae16bd83
SHA256

0e9bfecceef8f3e33507dc9b084050ddc72d345a77521507ca5859e709b9ec56
SHA512

30a173780ba6953669cd3aae047fd303146d659d9c3c2d1ac19a9b5c37bcba71b02ca81e948df4c15085e4df0dc76fa43d9c6f54f654625334ebeec625dd8a36
SSDEEP

6144:FFgICyxeINCyLcZ9DqxVSFXZ4zrveUY1XvGyaotnWzg/PH6Y:cVyoU0ZXFJ4HyazzU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2660	2364	rundll32.exe	30
PID 2364 wrote to memory of 2660	2364	rundll32.exe	30
PID 2364 wrote to memory of 2660	2364	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\concrt140.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2364 -s 80
  2⤵
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads