29ab5296a03568541165c8632739206457548b5277e7d11f4bc79c2abf8320be | Triage

Analysis

max time kernel
52s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 10:14

Sharing

Report Analysis Logs

General

Target

u9anuq.dll
Size

11KB
MD5

89df018dd4fd875d5b144c0167653a07
SHA1

c7934525cfedad07d92eba5f5f3f04211f3d619a
SHA256

2a3fb636b37575a7b32e7ed1ae6403057e324ae4537e4392777a22ee79a77fe2
SHA512

d5ff8091aab89c0c788d8c1a0ce5ae048284eca5f6f864d654e832764bc77eac6ba92ddc03c32c8d9a817347722bd5f9db4acf10397996d7434f798dc54269bb
SSDEEP

192:+1O/kW4E4WPVBTxicL2lt4S3cGCfEzIWZcX/8yJpq:oONbB9BlJLgt4SsdEzIN0yXq

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1716 3652 WerFault.exe rundll32.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

rundll32.exe

pid process

3652 rundll32.exe
3652 rundll32.exe
3652 rundll32.exe
3652 rundll32.exe
3652 rundll32.exe
3652 rundll32.exe
3652 rundll32.exe
3652 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1192 wrote to memory of 3652	1192	rundll32.exe	rundll32.exe
PID 1192 wrote to memory of 3652	1192	rundll32.exe	rundll32.exe
PID 1192 wrote to memory of 3652	1192	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\u9anuq.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1192

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\u9anuq.dll,#1
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 672
3⤵
- Program crash
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3652 -ip 3652
1⤵
PID:2204

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3652-0-0x0000000075030000-0x0000000075037000-memory.dmp

Filesize
28KB

Download
memory/3652-1-0x0000000075030000-0x0000000075037000-memory.dmp

Filesize
28KB

Download