2a1a84b0f5f71353f09d6a01b0504e4a99b19565f2a1207ee2223a4e7918e541 | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 00:47

Sharing

Report Analysis Logs

General

Target

n3zarek.dll
Size

1.4MB
MD5

d5e81f4a835ec3720f27a9c8f9be7adc
SHA1

ea298ca07533fdd003d31434932af6bc4fbc5f4b
SHA256

a1986a81bfc049ac6d09a920ff4508dc8454ddcd92d6b8a7f52215b285501f29
SHA512

6c8b0fc0bf37a74bfabf5b57cad8e30f9a115ce72e82ec385499f70e7341478eeaa68004ccdebac5be3bd964ed33ecbabfd5a24dff0c5c616a88d21095a5541e
SSDEEP

24576:IafYliSc2DEvmXdcV8kVXC9XcsADUQKaSkklM9eXZNn4+abX:IafYREOtcVRy9XcsADwa6XZN7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2076	2188	rundll32.exe	30
PID 2188 wrote to memory of 2076	2188	rundll32.exe	30
PID 2188 wrote to memory of 2076	2188	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\n3zarek.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2188 -s 80
  2⤵
  PID:2076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads