5c98b12996ac09261ceeca96c53e149eb8986fdfad5f280c7715be4a944c29b6 | Triage

Analysis

max time kernel
4294183s
max time network
124s
platform
windows7_x64
resource
win7-20220310-en
submitted
23-03-2022 22:07

Sharing

Report Analysis Logs

General

Target

1888-55-0x0000000180000000-0x000000018000B000-memory.dll
Size

44KB
MD5

27fa2b74dc14cec75127544c654d3278
SHA1

6a461f65d030fe2cf60e9ce382ebcfc44281df94
SHA256

5c98b12996ac09261ceeca96c53e149eb8986fdfad5f280c7715be4a944c29b6
SHA512

c3362109e0ab3f9df26c271bb2e91d737f404c95d33f891618c311a8a62d2b01726ed1fb8e127977fe91b68cbd769eb3f7220864039864697b7d0eec68ac0aac

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1636 1616 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1616 wrote to memory of 1636	1616	rundll32.exe	WerFault.exe
PID 1616 wrote to memory of 1636	1616	rundll32.exe	WerFault.exe
PID 1616 wrote to memory of 1636	1616	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1888-55-0x0000000180000000-0x000000018000B000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1616 -s 56
2⤵
- Program crash
PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1636-54-0x0000000000000000-mapping.dmp

Download