ba2101e9dcafa600519d41aac57d92150a467ce3b9a1b18d7faf7f11359da276 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
28-06-2022 15:00

Sharing

Report Analysis Logs

General

Target

1948-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

ae999c68395857ed33803b4af4da7f24
SHA1

78ad9a9791c4e3323b88b3b46de13f51bd790cf5
SHA256

ba2101e9dcafa600519d41aac57d92150a467ce3b9a1b18d7faf7f11359da276
SHA512

77ddf121f036202de93ae02b528bd53137042a309a1ec6dfa640a3a09f7e31ef62454fa7f73c8472a5716ccfe67736fae1364c77129d224403fa5e56ea30de90

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1728 1864 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1864 wrote to memory of 1728	1864	rundll32.exe	WerFault.exe
PID 1864 wrote to memory of 1728	1864	rundll32.exe	WerFault.exe
PID 1864 wrote to memory of 1728	1864	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1948-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1864

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1864 -s 56
2⤵
- Program crash
PID:1728

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-54-0x0000000000000000-mapping.dmp

Download