cbd602b0369f3026ac13ab6902ad682bc7480c0d1e5ac9da1e032dbec0a8b77c | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
14-06-2022 12:52

Sharing

Report Analysis Logs

General

Target

1008-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

f99f3e8223f1882b5cc2736992b27a74
SHA1

f3f50bcf76b0e80206f4bdd323bc6380184f9ee7
SHA256

cbd602b0369f3026ac13ab6902ad682bc7480c0d1e5ac9da1e032dbec0a8b77c
SHA512

f8c731a16623fa2ef1e03771781c7f729a8d8024ca9e500129e3219f3fa39a7d25899c0c7b8204926b19845ecb85cbfa6b75a6e91e6a81b8c8bc345e68308386

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1640 1016 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1016 wrote to memory of 1640	1016	rundll32.exe	WerFault.exe
PID 1016 wrote to memory of 1640	1016	rundll32.exe	WerFault.exe
PID 1016 wrote to memory of 1640	1016	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1008-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1016

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1016 -s 56
2⤵
- Program crash
PID:1640

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-54-0x0000000000000000-mapping.dmp

Download