03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012 | Triage

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
31-05-2022 14:59

Sharing

Report Analysis Logs

General

Target

03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012.dll
Size

37KB
MD5

c41e2c2cc5843cedd79162c73787d4de
SHA1

3a3530dc465b07b2d862c3fdd37dcec2735d43ae
SHA256

03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012
SHA512

3bdf1c0e137d68a5552e6be105d6a361f469aebe4513241a5841270e851562d1d229e04510bee02b318ebdf5eb65f7d4627dc15fcfbd2bdd7f3a6f5c885355c0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1724 1100 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1100 wrote to memory of 1724	1100	rundll32.exe	WerFault.exe
PID 1100 wrote to memory of 1724	1100	rundll32.exe	WerFault.exe
PID 1100 wrote to memory of 1724	1100	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1100 -s 168
  2⤵
  - Program crash
  PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1724-54-0x0000000000000000-mapping.dmp

Download