93c5a155997f5b5972bd74c5b072ce5008ec5872163634d121f92854112b1fb1 | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
31-05-2022 08:20

Sharing

Report Analysis Logs

General

Target

272-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

a59ee1996405d398d8c87f815db9a2a9
SHA1

d25987430825f23440880d8b35484a1c796f3357
SHA256

93c5a155997f5b5972bd74c5b072ce5008ec5872163634d121f92854112b1fb1
SHA512

705ba2ab09b34544b2d47ba1bb5a557adf65e65d3519dc8531ae37092a2a03c54ad974a3e6363ec858211b467bfd562b3b1e6789e67698a5e73ebd5069447e8e

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1168 912 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 912 wrote to memory of 1168	912	rundll32.exe	WerFault.exe
PID 912 wrote to memory of 1168	912	rundll32.exe	WerFault.exe
PID 912 wrote to memory of 1168	912	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\272-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:912

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 912 -s 56
2⤵
- Program crash
PID:1168

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1168-54-0x0000000000000000-mapping.dmp

Download