9fc4ee76b7681cc483c0bd3cd84a13701f2879ff697565f60d4696b8a6857757 | Triage

Analysis

max time kernel
152s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
19-06-2022 20:51

Sharing

Report Analysis Logs

General

Target

9fc4ee76b7681cc483c0bd3cd84a13701f2879ff697565f60d4696b8a6857757.dll
Size

203KB
MD5

34905c040109383f403d527ff593939d
SHA1

65a27d77e58db76017f775ca21efedbbddb744f5
SHA256

9fc4ee76b7681cc483c0bd3cd84a13701f2879ff697565f60d4696b8a6857757
SHA512

4047a6d4353797992c252d3791c1359b0bed430830aa30d8bf90df4247c0247277cefc7b3f830b3d71f9d3b5ec6e579a497801bf4f3f87cbaee6f69f2416670c

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

772 5044 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3360 wrote to memory of 5044	3360	rundll32.exe	rundll32.exe
PID 3360 wrote to memory of 5044	3360	rundll32.exe	rundll32.exe
PID 3360 wrote to memory of 5044	3360	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9fc4ee76b7681cc483c0bd3cd84a13701f2879ff697565f60d4696b8a6857757.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3360

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9fc4ee76b7681cc483c0bd3cd84a13701f2879ff697565f60d4696b8a6857757.dll,#1
2⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 632
3⤵
- Program crash
PID:772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5044 -ip 5044
1⤵
PID:4148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5044-130-0x0000000000000000-mapping.dmp

Download