131c6d1cff6554f519d1f96404528c1d427ecd66f2cab33e818bfbd84d6a8144 | Triage

Analysis

max time kernel
39s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
24/06/2022, 19:11

Sharing

Report Analysis Logs

General

Target

1780-92-0x0000000002570000-0x0000000002686000-memory.dll
Size

1.1MB
MD5

5ab2d7a302f6031eb73a4a0e2f348def
SHA1

afc12f02172a900307548f8ee5f45c31c8e3fd4c
SHA256

131c6d1cff6554f519d1f96404528c1d427ecd66f2cab33e818bfbd84d6a8144
SHA512

465a71508e3cc82be2d57bbe2aea639b7b65aee19bef9c29dc20866d982ca613f913959be5531ab39234732fb93880efad843235ba179d8f0a17a1abe84c3e95

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
872	1416	WerFault.exe	21

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 872	1416	rundll32.exe	27
PID 1416 wrote to memory of 872	1416	rundll32.exe	27
PID 1416 wrote to memory of 872	1416	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1780-92-0x0000000002570000-0x0000000002686000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1416 -s 56
  2⤵
  - Program crash
  PID:872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads