248e43571498357b06ddbcc4edffd85597325c1878048025f5d71ede03bb59e0 | Triage

Analysis

max time kernel
4294178s
max time network
130s
platform
windows7_x64
resource
win7-20220310-en
submitted
17-03-2022 19:10

Sharing

Report Analysis Logs

General

Target

248e43571498357b06ddbcc4edffd85597325c1878048025f5d71ede03bb59e0.dll
Size

208KB
MD5

3332bce90a459be1450245619882ec2a
SHA1

b2c528e42c4dd64ed71adc613ba55159dae1838c
SHA256

248e43571498357b06ddbcc4edffd85597325c1878048025f5d71ede03bb59e0
SHA512

c878521f502e9ee55465b713e39ec5b341172d828eec4bd75259f60f14eec42bd079f63facddd274cc3502958bd888a2134cc0a680931eca6d849255cfd9c073

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1100 1088 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1012 wrote to memory of 1088	1012	rundll32.exe	rundll32.exe
PID 1012 wrote to memory of 1088	1012	rundll32.exe	rundll32.exe
PID 1012 wrote to memory of 1088	1012	rundll32.exe	rundll32.exe
PID 1012 wrote to memory of 1088	1012	rundll32.exe	rundll32.exe
PID 1012 wrote to memory of 1088	1012	rundll32.exe	rundll32.exe
PID 1012 wrote to memory of 1088	1012	rundll32.exe	rundll32.exe
PID 1012 wrote to memory of 1088	1012	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 1100	1088	rundll32.exe	WerFault.exe
PID 1088 wrote to memory of 1100	1088	rundll32.exe	WerFault.exe
PID 1088 wrote to memory of 1100	1088	rundll32.exe	WerFault.exe
PID 1088 wrote to memory of 1100	1088	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\248e43571498357b06ddbcc4edffd85597325c1878048025f5d71ede03bb59e0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1012

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\248e43571498357b06ddbcc4edffd85597325c1878048025f5d71ede03bb59e0.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 244
3⤵
- Program crash
PID:1100

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1088-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download