48117c5c3338e3ffbd9b1cc388691ccd1ef52fd1e5efc81280f50c90ac4df73b | Triage

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
25-03-2022 19:43

Sharing

Report Analysis Logs

General

Target

48117c5c3338e3ffbd9b1cc388691ccd1ef52fd1e5efc81280f50c90ac4df73b.dll
Size

203KB
MD5

9d3c82b67fd824fed2ec9de4b7caf665
SHA1

e0b8dfcc664d21eda37a63f4a49853ccda9f6efa
SHA256

48117c5c3338e3ffbd9b1cc388691ccd1ef52fd1e5efc81280f50c90ac4df73b
SHA512

6bf691421b24395e5d79b25f6a46e070319c35a9cd8895ed440fe713ccda7f0c633f52e67a004de1a86a88c15e529a6d89bfc6e7ade3c8ef3d9f155d760b336f

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4180 4432 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1012 wrote to memory of 4432	1012	rundll32.exe	rundll32.exe
PID 1012 wrote to memory of 4432	1012	rundll32.exe	rundll32.exe
PID 1012 wrote to memory of 4432	1012	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48117c5c3338e3ffbd9b1cc388691ccd1ef52fd1e5efc81280f50c90ac4df73b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1012

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48117c5c3338e3ffbd9b1cc388691ccd1ef52fd1e5efc81280f50c90ac4df73b.dll,#1
2⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 632
3⤵
- Program crash
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4432 -ip 4432
1⤵
PID:3724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4432-130-0x0000000000000000-mapping.dmp

Download