4c42b2db4b6d33bec5bdd6a0c5936d60f60bf218a4c4b1109ff464369069a4db | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-01-2025 02:13

Sharing

Report Analysis Logs

General

Target

Other/patch.dll
Size

938KB
MD5

3169b48a9a2086e53c4493c03579902c
SHA1

5f3b2405818c29689875810164e7cd4da3f024c9
SHA256

e63ede4ebd7e64493ead8e91f475238ff7dec17eb403798e4ba27d592a9757a8
SHA512

a592ba68e008108f66c683f5d2edb29cf4ba15661151d54150089cd8ccf4d5ef265c62278a62a70a488db38a03ea4feacc9fa59173ee8220d864142ccf7dded0
SSDEEP

24576:GuiMZV9ciqJmRuzSEdaSL3+LcQVUgl3L94trn4TM9fLnIMftk:UmySaWSglJ4tUTi5t

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2688	1728	rundll32.exe	30
PID 1728 wrote to memory of 2688	1728	rundll32.exe	30
PID 1728 wrote to memory of 2688	1728	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Other\patch.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1728 -s 80
  2⤵
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads