d865eb22b01c9efa2d3d48f2df807fbd89783cfc06e7377635415c97be1f021e | Triage

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
09-12-2024 06:55

Sharing

Report Analysis Logs

General

Target

app-0.89.2/app-0.89.2/libcurl.dll
Size

556KB
MD5

6b2548cc404f3dd55634efa291fa98d0
SHA1

a076a60d99d70fd8aa7664a2534445a502febe27
SHA256

7ae384b8695d7a9c2b6640927cb6ac592229aef9ebeeb80b91d556777c6dfb5d
SHA512

14068e9e7d5f7e4494ffa75d369068234cdb050286d3356298e0387cf13d7681c0d68b57b6b299958c86ee3ae1dc3e54adc4c376e7b869d7d76fc2e91ed95009
SSDEEP

12288:MoLVDsDp3Sx8rKASzlbMZO/IR+nyu20jlTov3+:35DEsxl6O/IRUT6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2628	2296	rundll32.exe	30
PID 2296 wrote to memory of 2628	2296	rundll32.exe	30
PID 2296 wrote to memory of 2628	2296	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\app-0.89.2\app-0.89.2\libcurl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2296 -s 96
  2⤵
  PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads