e843f357788c17351b569fd3ff32cdb91fe498eec76c0397e6c0fcfd978edb53 | Triage

Analysis

max time kernel
41s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
10-05-2022 14:59

Sharing

Report Analysis Logs

General

Target

olasius.dll
Size

576KB
MD5

2d01a326dcb38cd629b771e35ad3f5d5
SHA1

111af3037c9837e8fb43610e070af474bd9bcbea
SHA256

6c168f840b0af92cc2974a95151d3b21f02c37be9d16225bac03ece6c1404369
SHA512

a3fd2c640a6a478796e06ca88a2b5752ed37ccbae9c419488ccbdef8c344c4379becd2e3d1beda1f3bab4d3b943917a9b23d9e3fea5bb6d3148b0904b8996a76

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1668 1452 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1452 wrote to memory of 1668	1452	rundll32.exe	WerFault.exe
PID 1452 wrote to memory of 1668	1452	rundll32.exe	WerFault.exe
PID 1452 wrote to memory of 1668	1452	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\olasius.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1452

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1452 -s 84
2⤵
- Program crash
PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-54-0x0000000000000000-mapping.dmp

Download