369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8 | Triage

Analysis

max time kernel
25s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
26-06-2022 01:58

Sharing

Report Analysis Logs

General

Target

369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll
Size

204KB
MD5

84941c1f1af56d701ca737fc9e5c4ac6
SHA1

aecb69223c68240bebca497c8d8b6edd32123695
SHA256

369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8
SHA512

85a180670f18dba30b701438233ab7a962e5454e332fa16b3d422a9a82f9e77233de268cee37575ef20a7bba8482fa97cb8843cf9e60ffad247b6a54eb31e8a3

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1344 1004 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1692 wrote to memory of 1004	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1004	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1004	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1004	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1004	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1004	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1004	1692	rundll32.exe	rundll32.exe
PID 1004 wrote to memory of 1344	1004	rundll32.exe	WerFault.exe
PID 1004 wrote to memory of 1344	1004	rundll32.exe	WerFault.exe
PID 1004 wrote to memory of 1344	1004	rundll32.exe	WerFault.exe
PID 1004 wrote to memory of 1344	1004	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\369eba9d83f6fa072f924d2a8ab44e497ad5b02eaadeac08e0b20b14e6c49ad8.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 232
3⤵
- Program crash
PID:1344

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1004-54-0x0000000000000000-mapping.dmp

Download
memory/1004-55-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download
memory/1344-56-0x0000000000000000-mapping.dmp

Download