57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1 | Triage

Analysis

max time kernel
4294183s
max time network
131s
platform
windows7_x64
resource
win7-20220311-en
submitted
26-03-2022 22:49

Sharing

Report Analysis Logs

General

Target

57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll
Size

203KB
MD5

3895fd5c729f59f3418b8780314de272
SHA1

0ad9e1c461872963587196f4797bded27b20e112
SHA256

57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1
SHA512

75ecd26bedaa2ffb2cbc38d8ea9246c5cec23b54d176d5a4d2e24aafb17c41b7838a4faf65cdf4022f8e80b216f112f52750b230db8f7cea843741adc9a68365

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1972 1116 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1468 wrote to memory of 1116	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1116	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1116	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1116	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1116	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1116	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1116	1468	rundll32.exe	rundll32.exe
PID 1116 wrote to memory of 1972	1116	rundll32.exe	WerFault.exe
PID 1116 wrote to memory of 1972	1116	rundll32.exe	WerFault.exe
PID 1116 wrote to memory of 1972	1116	rundll32.exe	WerFault.exe
PID 1116 wrote to memory of 1972	1116	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1468

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 232
3⤵
- Program crash
PID:1972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1116-54-0x0000000000000000-mapping.dmp

Download
memory/1116-55-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

Filesize
8KB

Download
memory/1972-56-0x0000000000000000-mapping.dmp

Download