17502d6018ea815fa7e922c8349377b569cfd4a5da7cfb6ed09b7b6463ed0e28 | Triage

Analysis

max time kernel
141s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
08-06-2022 21:23

Sharing

Report Analysis Logs

General

Target

17502d6018ea815fa7e922c8349377b569cfd4a5da7cfb6ed09b7b6463ed0e28.dll
Size

164KB
MD5

5804a0d6ea9a6ec4b9e93c406b36800b
SHA1

f63ccf1f6b65985a271c67fbc81a0123ba798276
SHA256

17502d6018ea815fa7e922c8349377b569cfd4a5da7cfb6ed09b7b6463ed0e28
SHA512

90c4e62b7b2414d3010dc06a8dd71dd147c2328e5a7324aabb4aef6cad03ffabcf005a50eb8270672e3be55e1b680faf222bfd0d9fcb0cb785eaec5e6d9de520

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4832 2552 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2564 wrote to memory of 2552	2564	rundll32.exe	rundll32.exe
PID 2564 wrote to memory of 2552	2564	rundll32.exe	rundll32.exe
PID 2564 wrote to memory of 2552	2564	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17502d6018ea815fa7e922c8349377b569cfd4a5da7cfb6ed09b7b6463ed0e28.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2564

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17502d6018ea815fa7e922c8349377b569cfd4a5da7cfb6ed09b7b6463ed0e28.dll,#1
2⤵
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 544
3⤵
- Program crash
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2552 -ip 2552
1⤵
PID:3296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2552-130-0x0000000000000000-mapping.dmp

Download