f2fb9cc9875bf8c03fafaaae2de61016e6fe58ae5b780bcf8eb6828a57f0742f | Triage

Analysis

max time kernel
34s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
21/06/2022, 18:29

Sharing

Report Analysis Logs

General

Target

1392-92-0x00000000024C0000-0x00000000025D7000-memory.dll
Size

1.1MB
MD5

0099f06d6c0482d29900374ad928b2f0
SHA1

999ececa93237a5217aee450fd610170e6dcfa47
SHA256

f2fb9cc9875bf8c03fafaaae2de61016e6fe58ae5b780bcf8eb6828a57f0742f
SHA512

ce043c0621f86aea303b22ee02573e4e2f19c4d3d47c906b20cd8d37685a25948cb7a09b88a86fe29557c724f5eafb432b86aa42bd768d5cde0dab94545aecf7

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1556	1592	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 1556	1592	rundll32.exe	28
PID 1592 wrote to memory of 1556	1592	rundll32.exe	28
PID 1592 wrote to memory of 1556	1592	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1392-92-0x00000000024C0000-0x00000000025D7000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1592 -s 56
  2⤵
  - Program crash
  PID:1556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads