48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8 | Triage

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 08:44

Sharing

Report Analysis Logs

General

Target

48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll
Size

204KB
MD5

be475a8c93f33d7d32eaa933d0e53720
SHA1

e23a4446de5d56afe5234218827e07faf28746bb
SHA256

48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8
SHA512

dcec75fbc8d4c42c26c6a562f0573d24dedc247bda228072cdf65b2d421adfeb08a0584d3866495f7785ad8930996037a2c44903d7021436ebb80ff9f4016951

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3468 3428 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2684 wrote to memory of 3428	2684	rundll32.exe	rundll32.exe
PID 2684 wrote to memory of 3428	2684	rundll32.exe	rundll32.exe
PID 2684 wrote to memory of 3428	2684	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48fa896216b45a4346237e2dcccfcf88a1c8a1c5606b65c94a99f431a6fe6ce8.dll,#1
2⤵
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 632
3⤵
- Program crash
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3428 -ip 3428
1⤵
PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3428-130-0x0000000000000000-mapping.dmp

Download