ec89e1c3eb2c04415b7f24bb65f32976f93ca264fb7bad95e7aa842f9b3135d6 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
28-04-2022 16:27

Sharing

Report Analysis Logs

General

Target

1d29af40000.GdiPlus.dll
Size

2.3MB
MD5

66108c5d7e5f4e446991c370c908c00c
SHA1

530797112fbc9743c74f89e9993c1effd44a754a
SHA256

ec89e1c3eb2c04415b7f24bb65f32976f93ca264fb7bad95e7aa842f9b3135d6
SHA512

50340c70c6ddee5659164ce4e1ce64b4d4cb327c75a9ef26e4cd89f44194cd7fd43b0a6263e498f6ef38a0aa7878e977f06ccdf80f638a89144db73e0a43bdf4

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

384 1152 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1152 wrote to memory of 384	1152	rundll32.exe	WerFault.exe
PID 1152 wrote to memory of 384	1152	rundll32.exe	WerFault.exe
PID 1152 wrote to memory of 384	1152	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d29af40000.GdiPlus.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1152

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1152 -s 168
2⤵
- Program crash
PID:384

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/384-54-0x0000000000000000-mapping.dmp

Download