14201e36c98a21367bb7feb70de8c1f4af55ba1390c91caf5ca031bea7c9fc33 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
24/06/2022, 01:05

Sharing

Report Analysis Logs

General

Target

m3n4rat.dll
Size

1.8MB
MD5

82fc2d72fa9e510609999618560bb66d
SHA1

f826f1628e71c9aa85dfd2a67e7716b0787ae40f
SHA256

f793313e6ab482167d0da6f456a148a8ea528877d0d4166a0219b43290862561
SHA512

8663ad819ba6faa1cae9db0ab97c0f790e2e983ce2dd4692ea690ff82b3aa2a1c7d756e8dfa62e1b17252f0c677385d2a225b137fca7e35a07a17d76280cf07b

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1620	1672	WerFault.exe	26

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1620	1672	rundll32.exe	27
PID 1672 wrote to memory of 1620	1672	rundll32.exe	27
PID 1672 wrote to memory of 1620	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\m3n4rat.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1672 -s 84
  2⤵
  - Program crash
  PID:1620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads