2cfd66f26109021243c0a702fb72f10bb14874833910a61f2ebafb7310fb8fa7 | Triage

Analysis

max time kernel
4294182s
max time network
127s
platform
windows7_x64
resource
win7-20220310-en
submitted
20-03-2022 00:43

Sharing

Report Analysis Logs

General

Target

2cfd66f26109021243c0a702fb72f10bb14874833910a61f2ebafb7310fb8fa7.dll
Size

203KB
MD5

98fc3f7471bf5491f9d410ea1641cb3c
SHA1

3d1b9873a49ebcc925d3766628fe36b3ab7b5ff4
SHA256

2cfd66f26109021243c0a702fb72f10bb14874833910a61f2ebafb7310fb8fa7
SHA512

5caf9a1ebaf1170a79c92e9aabe01a84380dd1721020d99cfc13c6636188b778eab86f0f001a47a14cd85cd73a33c3240d70f5c2c29badcc8df75a6e89ee8094

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1648 856 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 972 wrote to memory of 856	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 856	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 856	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 856	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 856	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 856	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 856	972	rundll32.exe	rundll32.exe
PID 856 wrote to memory of 1648	856	rundll32.exe	WerFault.exe
PID 856 wrote to memory of 1648	856	rundll32.exe	WerFault.exe
PID 856 wrote to memory of 1648	856	rundll32.exe	WerFault.exe
PID 856 wrote to memory of 1648	856	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cfd66f26109021243c0a702fb72f10bb14874833910a61f2ebafb7310fb8fa7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:972

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cfd66f26109021243c0a702fb72f10bb14874833910a61f2ebafb7310fb8fa7.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 232
3⤵
- Program crash
PID:1648

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/856-54-0x0000000075CA1000-0x0000000075CA3000-memory.dmp

Filesize
8KB

Download