General
Target: bole4d.dll

Filesize: 486KB

Completed: 18-05-2022 08:10

Task: behavioral1

Score: 3/10

MD5: 1c27d92924f0cdeac60ba81ec9d8b74c

SHA1: 263a07d97d25ac30a5db224788fad1185a2ad3f3

SHA256: 486835ad5b265b100bdbfa99a0eba9a190db33ed31fa239fa6767a8f6bd84190

SHA512: f42d2050a9d30cd9e36691f6ef94319b20eb0c44bd412dbabd3f9c2f698e68b9f5bf723123eba23ac4a2fd6ad20b7b2da67b506755769bc14b19446313c317f0

Malware Config
Signatures 2

Filter: none

  • Program crash
    WerFault.exe

    Reported IOCs

    pid   pid_target  process       target process
    1464  1336        WerFault.exe  rundll32.exe
  • Suspicious use of WriteProcessMemory
    rundll32.exe

    Reported IOCs

    description                        pid   process       target process
    PID 1336 wrote to memory of 1464   1336  rundll32.exe  WerFault.exe
    PID 1336 wrote to memory of 1464   1336  rundll32.exe  WerFault.exe
    PID 1336 wrote to memory of 1464   1336  rundll32.exe  WerFault.exe
Processes 2
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bole4d.dll,#1
    Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1336 -s 84
      Program crash
      PID:1464
Network
MITRE ATT&CK Matrix
  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation
Downloads
  • memory/1464-54-0x0000000000000000-mapping.dmp