57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1 | Triage

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
26-03-2022 22:49

Sharing

Report Analysis Logs

General

Target

57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll
Size

203KB
MD5

3895fd5c729f59f3418b8780314de272
SHA1

0ad9e1c461872963587196f4797bded27b20e112
SHA256

57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1
SHA512

75ecd26bedaa2ffb2cbc38d8ea9246c5cec23b54d176d5a4d2e24aafb17c41b7838a4faf65cdf4022f8e80b216f112f52750b230db8f7cea843741adc9a68365

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1348 3868 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1708 wrote to memory of 3868	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 3868	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 3868	1708	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57648c9330c9544033ddf2885d8ddda3d1e4e53e9754b92eb561c52cbe41a5a1.dll,#1
2⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 632
3⤵
- Program crash
PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3868 -ip 3868
1⤵
PID:3812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3868-130-0x0000000000000000-mapping.dmp

Download