48117c5c3338e3ffbd9b1cc388691ccd1ef52fd1e5efc81280f50c90ac4df73b | Triage

Analysis

max time kernel
4294179s
max time network
124s
platform
windows7_x64
resource
win7-20220311-en
submitted
25-03-2022 19:43

Sharing

Report Analysis Logs

General

Target

48117c5c3338e3ffbd9b1cc388691ccd1ef52fd1e5efc81280f50c90ac4df73b.dll
Size

203KB
MD5

9d3c82b67fd824fed2ec9de4b7caf665
SHA1

e0b8dfcc664d21eda37a63f4a49853ccda9f6efa
SHA256

48117c5c3338e3ffbd9b1cc388691ccd1ef52fd1e5efc81280f50c90ac4df73b
SHA512

6bf691421b24395e5d79b25f6a46e070319c35a9cd8895ed440fe713ccda7f0c633f52e67a004de1a86a88c15e529a6d89bfc6e7ade3c8ef3d9f155d760b336f

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

580 1092 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 580	1092	rundll32.exe	WerFault.exe
PID 1092 wrote to memory of 580	1092	rundll32.exe	WerFault.exe
PID 1092 wrote to memory of 580	1092	rundll32.exe	WerFault.exe
PID 1092 wrote to memory of 580	1092	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48117c5c3338e3ffbd9b1cc388691ccd1ef52fd1e5efc81280f50c90ac4df73b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48117c5c3338e3ffbd9b1cc388691ccd1ef52fd1e5efc81280f50c90ac4df73b.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 232
3⤵
- Program crash
PID:580

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/580-56-0x0000000000000000-mapping.dmp

Download
memory/1092-54-0x0000000000000000-mapping.dmp

Download
memory/1092-55-0x0000000074F31000-0x0000000074F33000-memory.dmp

Filesize
8KB

Download