430c736b3112dae51f0e93ac1120549a6cb453b52f6036e1d086a93afefc858b | Triage

Analysis

max time kernel
41s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
18-05-2022 08:04

Sharing

Report Analysis Logs

General

Target

mi90o.dll
Size

486KB
MD5

0ad0a1a3bfc696759bac79077654aa8a
SHA1

38bea715a0c8642e0d67213be6206bbe4b9afc44
SHA256

a8058555e8b476a0975d103228ec26b53cd71dac34d21f58acfc395a38acdb1d
SHA512

dd1588cbe8ac2915f0953976e8f5c837c1bb5fb7cf484fdeb46ba99ea070a0093a440cb876a88b909bd170502218d6fa52bf1c693611e9b973e53c870a3bc6d6

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1188 1520 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1520 wrote to memory of 1188	1520	rundll32.exe	WerFault.exe
PID 1520 wrote to memory of 1188	1520	rundll32.exe	WerFault.exe
PID 1520 wrote to memory of 1188	1520	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\mi90o.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1520

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1520 -s 84
2⤵
- Program crash
PID:1188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1188-54-0x0000000000000000-mapping.dmp

Download