d2cf5e5e1018f5bc2192ed06dca9732d687cc2735aa07bf763c1721df108a36e | Triage

Analysis

max time kernel
35s
max time network
39s
platform
windows7_x64
resource
win7-20220414-en
submitted
27/06/2022, 17:14

Sharing

Report Analysis Logs

General

Target

n3zarek.dll
Size

1.4MB
MD5

8135745a29f02e96db7b075de3bb7fdb
SHA1

fabafe2e3440dbd71d8d9614a3c8abfb1434eac9
SHA256

90576eb6754dd1c38fb4cea4bf3f029535900436a02caee891c057c01ca84941
SHA512

df5b9c699f5f85d3d666b4cb0d05f49f798a8c3fec93e98fdc0ccc703bc1cabc5752852e1a5f4020fdd9c7a1c48337ff4370b18091e03b6155262e77daafe43d

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1796	848	WerFault.exe	25

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 1796	848	rundll32.exe	26
PID 848 wrote to memory of 1796	848	rundll32.exe	26
PID 848 wrote to memory of 1796	848	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\n3zarek.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 848 -s 84
  2⤵
  - Program crash
  PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads