6f9dea51a6f29a057bb019b26ac9dafc625c33940e673c79eced1c36c53d1ab0 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
26-06-2022 10:25

Sharing

Report Analysis Logs

General

Target

sol3/sol3nia.dll
Size

355KB
MD5

1789e8bad7a537dfdb0259ee510a2cea
SHA1

b4cfc4faed732eff5340d172063ae9991c38b054
SHA256

b26ef5630a4b19bbe5e520c5d41000c2b29855a7c8d5c15af9ddf99661e0231c
SHA512

a47d46bbb4df66a0615cdbe660815ca34976d0eea1b024c7a6ca040827bdbc33c7cae5f5a78805c09e3a69a95026c03b2aa11f859e1feecd39a5b5c36e578e3b

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1304 1612 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1612 wrote to memory of 1304	1612	rundll32.exe	WerFault.exe
PID 1612 wrote to memory of 1304	1612	rundll32.exe	WerFault.exe
PID 1612 wrote to memory of 1304	1612	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sol3\sol3nia.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1612 -s 92
2⤵
- Program crash
PID:1304

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1304-54-0x0000000000000000-mapping.dmp

Download