89182daada0c90a1dcbb9830338b9033f351d24a0f15aa061c94f9d9b81a1be3 | Triage

Analysis

max time kernel
38s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
19-04-2022 03:48

Sharing

Report Analysis Logs

General

Target

8f6c709b9940e39dde52dc9c617642b1a7ec037d537ec2c1d993734c05af0896.dll
Size

968KB
MD5

6096270feff34baff71c624efc483c60
SHA1

ce8af71382c285eae8226c2faf8de8279d2b6126
SHA256

8f6c709b9940e39dde52dc9c617642b1a7ec037d537ec2c1d993734c05af0896
SHA512

0dd8dd025696307db394d3303cb8e8e96137e92b4e39ae2d70e385271202cc319cb8a32c2e997513358b64d39ce25e8a0a8b6c9c0c8e8e05a46df12bf67ff736

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

860 1364 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1364 wrote to memory of 860	1364	rundll32.exe	WerFault.exe
PID 1364 wrote to memory of 860	1364	rundll32.exe	WerFault.exe
PID 1364 wrote to memory of 860	1364	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f6c709b9940e39dde52dc9c617642b1a7ec037d537ec2c1d993734c05af0896.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1364 -s 56
  2⤵
  - Program crash
  PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/860-54-0x0000000000000000-mapping.dmp

Download