299146e2c828679ea8ca6746ec2bc6e575884598759fcfe94cad78b52bc20b6e | Triage

Analysis

max time kernel
12s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
31-05-2022 07:47

Sharing

Report Analysis Logs

General

Target

1980-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

c718e0ad9d1147eb4ed60ae4eaadf996
SHA1

51402df41754714339b6f1434ab664ee94278284
SHA256

299146e2c828679ea8ca6746ec2bc6e575884598759fcfe94cad78b52bc20b6e
SHA512

b79f19890b1e8a64bc266e715bef799b591727c92b410cff67ef7a76aec0b9e0ecc73aeabf2b39c68302e3cb6542e6dfa21abab713b971bdea360eeee1b0904e

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1600 988 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 988 wrote to memory of 1600	988	rundll32.exe	WerFault.exe
PID 988 wrote to memory of 1600	988	rundll32.exe	WerFault.exe
PID 988 wrote to memory of 1600	988	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1980-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:988

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 988 -s 56
2⤵
- Program crash
PID:1600

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-54-0x0000000000000000-mapping.dmp

Download