39daf48e5d0ba9b28839baadd88c37d6da82ae5891e58c70d133ce025afe2855 | Triage

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220414-en
submitted
31-05-2022 07:48

Sharing

Report Analysis Logs

General

Target

916-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

081f532d6d2735095ff237cc6fc7bad4
SHA1

7e735ccd0dd33ab6907c4b1dc23b4bfa3345446f
SHA256

39daf48e5d0ba9b28839baadd88c37d6da82ae5891e58c70d133ce025afe2855
SHA512

2b1399868b6a576bfff655684fbe3cd43ae6cd74f785480bed8e5cc73f0472e8c4c61b665bc7b018aa8d48dc07d64c61b279ffd48f95d51590e8021e9650e6cf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1044 1672 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1672 wrote to memory of 1044	1672	rundll32.exe	WerFault.exe
PID 1672 wrote to memory of 1044	1672	rundll32.exe	WerFault.exe
PID 1672 wrote to memory of 1044	1672	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\916-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1672 -s 56
2⤵
- Program crash
PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-54-0x0000000000000000-mapping.dmp

Download