bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7 | Triage

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 05:23

Sharing

Report Analysis Logs

General

Target

bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7.dll
Size

216KB
MD5

7be79bcee33e5409fdd006241886de6e
SHA1

9ff95fbb889af1594b234a126e0b7f432241f4f2
SHA256

bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7
SHA512

f855a29768599469835b1a9d27d500ea40869f3683b37e22f79788e3ef15b19d3b348f2938cea64d6eb6145abe4e45c03d7a9a37121fdc101ac349b2d0aa0f50

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2084 488 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4144 wrote to memory of 488	4144	rundll32.exe	rundll32.exe
PID 4144 wrote to memory of 488	4144	rundll32.exe	rundll32.exe
PID 4144 wrote to memory of 488	4144	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4144

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bed8c0161b5e7cc1f536eb4b3ebbdc9d3cc0ede5b3ed68b33a1fecc1c8d37fc7.dll,#1
2⤵
PID:488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 540
3⤵
- Program crash
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 488 -ip 488
1⤵
PID:4528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/488-130-0x0000000000000000-mapping.dmp

Download