95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08 | Triage

Analysis

max time kernel
78s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 08:37

Sharing

Report Analysis Logs

General

Target

95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll
Size

204KB
MD5

8af8b5f1495851b8c52fa4735ac98c26
SHA1

190d879ad5562f71f8e813f22265a98c68f10cd7
SHA256

95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08
SHA512

6f1cd68047499e98c9fc92e025a6b93ac6c6568e15635c60bafedb9af2fff9cb3e9938caff37fbfdb176fa4479954d855d693708747224f6fb33bff12ee940b4

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4452 2128 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4100 wrote to memory of 2128	4100	rundll32.exe	rundll32.exe
PID 4100 wrote to memory of 2128	4100	rundll32.exe	rundll32.exe
PID 4100 wrote to memory of 2128	4100	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4100

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95b0a9828be2d96490fc0e4c412945eac8ad75b8730ea104e370391897dcdd08.dll,#1
2⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 632
3⤵
- Program crash
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2128 -ip 2128
1⤵
PID:4176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2128-130-0x0000000000000000-mapping.dmp

Download