65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe | Triage

Analysis

max time kernel
70s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20220414-es
submitted
23-06-2022 23:06

Sharing

Report Analysis Logs

General

Target

65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll
Size

20.0MB
MD5

bf5aee7ba0ac7286f4879ca34ca63903
SHA1

9bc40c49a3dbc41f618d11f4b113f234c1713dc4
SHA256

65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe
SHA512

887125ea071749f717f5d39828b5ac200ee8f80aaedfe6b58167c0bfa68ec8e921c0cbbe63de8ad49eab8ff28c5c09d7b06aecf6e51df63f1195c257ddc4cd49

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4484 1196 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4548 wrote to memory of 1196	4548	rundll32.exe	rundll32.exe
PID 4548 wrote to memory of 1196	4548	rundll32.exe	rundll32.exe
PID 4548 wrote to memory of 1196	4548	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4548

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll,#1
2⤵
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 584
3⤵
- Program crash
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1196 -ip 1196
1⤵
PID:4416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1196-130-0x0000000000000000-mapping.dmp

Download