b80e086faafd950de2e28466c2ff2264f072bf03111fc91539b184398012d90f | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
15-04-2022 07:00

Sharing

Report Analysis Logs

General

Target

b80e086faafd950de2e28466c2ff2264f072bf03111fc91539b184398012d90f.dll
Size

1.9MB
MD5

7cf017c7dc4d10cfcd2c21936ea11305
SHA1

ab4feda85ae8d655d3d8c3dba9c67a581aa45815
SHA256

b80e086faafd950de2e28466c2ff2264f072bf03111fc91539b184398012d90f
SHA512

799c4fef459d366a23acfe09b255236478f02ed15e6f74edf748fb05ca30d1bcde04ae0edaa580dd6230ad1421e9431fb44fe82037963cc29fe1592199fd4425

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1064	1460	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 1064	1460	rundll32.exe	28
PID 1460 wrote to memory of 1064	1460	rundll32.exe	28
PID 1460 wrote to memory of 1064	1460	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b80e086faafd950de2e28466c2ff2264f072bf03111fc91539b184398012d90f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1460 -s 56
  2⤵
  - Program crash
  PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads