94f7bc1e910866c5ed1b06242e82c8d5379d143123ff255b87fc78db98c49ae2 | Triage

Analysis

max time kernel
42s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-06-2022 06:09

Sharing

Report Analysis Logs

General

Target

94f7bc1e910866c5ed1b06242e82c8d5379d143123ff255b87fc78db98c49ae2.dll
Size

1.1MB
MD5

b3351695a7cd6c72a5b17ebb8c2c5e54
SHA1

8e96e89113601ac2ebf022b72a2aa6e2c2eb992a
SHA256

94f7bc1e910866c5ed1b06242e82c8d5379d143123ff255b87fc78db98c49ae2
SHA512

e69594d106ee37c629f6f4559a2caa4b689440f17a73a635aa6ba20de921926e63a4fea249239dcbcf895bd66cb004d9840f98c018854bd8159d117720c9380d

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

912 1056 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1056 wrote to memory of 912	1056	rundll32.exe	WerFault.exe
PID 1056 wrote to memory of 912	1056	rundll32.exe	WerFault.exe
PID 1056 wrote to memory of 912	1056	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\94f7bc1e910866c5ed1b06242e82c8d5379d143123ff255b87fc78db98c49ae2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1056

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1056 -s 56
2⤵
- Program crash
PID:912

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/912-54-0x0000000000000000-mapping.dmp

Download