9127932759bc8b4e77f175e0a867e6152160db9a2d82a69731649c47c673db2a | Triage

Analysis

max time kernel
11s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
25-06-2022 08:37

Sharing

Report Analysis Logs

General

Target

9127932759bc8b4e77f175e0a867e6152160db9a2d82a69731649c47c673db2a.dll
Size

204KB
MD5

c5104a7e0714a93cae4ebc4e110b8a08
SHA1

040a162be261dcc68ece1a6b70ab89648d666d61
SHA256

9127932759bc8b4e77f175e0a867e6152160db9a2d82a69731649c47c673db2a
SHA512

f36925443456bae8195ee92a97ca81e99cc4a6e1336910b9fcc9165d1b17fa30efba645d15f0d21867773a876317e36ab157ecb0bfbc07d66d3660a7e799f7b3

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1548 908 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1480 wrote to memory of 908	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 908	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 908	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 908	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 908	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 908	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 908	1480	rundll32.exe	rundll32.exe
PID 908 wrote to memory of 1548	908	rundll32.exe	WerFault.exe
PID 908 wrote to memory of 1548	908	rundll32.exe	WerFault.exe
PID 908 wrote to memory of 1548	908	rundll32.exe	WerFault.exe
PID 908 wrote to memory of 1548	908	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9127932759bc8b4e77f175e0a867e6152160db9a2d82a69731649c47c673db2a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1480

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9127932759bc8b4e77f175e0a867e6152160db9a2d82a69731649c47c673db2a.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 232
3⤵
- Program crash
PID:1548

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/908-54-0x0000000000000000-mapping.dmp

Download
memory/908-55-0x0000000074F91000-0x0000000074F93000-memory.dmp

Filesize
8KB

Download
memory/1548-56-0x0000000000000000-mapping.dmp

Download