9fa4890001bfa61c05d4d3da5af0d2c0873b524472375ebd1e3bd66e08073421 | Triage

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
18-05-2022 08:08

Sharing

Report Analysis Logs

General

Target

bole4d.dll
Size

486KB
MD5

1c27d92924f0cdeac60ba81ec9d8b74c
SHA1

263a07d97d25ac30a5db224788fad1185a2ad3f3
SHA256

486835ad5b265b100bdbfa99a0eba9a190db33ed31fa239fa6767a8f6bd84190
SHA512

f42d2050a9d30cd9e36691f6ef94319b20eb0c44bd412dbabd3f9c2f698e68b9f5bf723123eba23ac4a2fd6ad20b7b2da67b506755769bc14b19446313c317f0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1464 1336 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1336 wrote to memory of 1464	1336	rundll32.exe	WerFault.exe
PID 1336 wrote to memory of 1464	1336	rundll32.exe	WerFault.exe
PID 1336 wrote to memory of 1464	1336	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bole4d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1336

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1336 -s 84
2⤵
- Program crash
PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1464-54-0x0000000000000000-mapping.dmp

Download