de929ee1ff829d76f6815b4e29afa109c73c78842c95adb615f10293278fc793 | Triage

Analysis

max time kernel
42s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-06-2022 21:28

Sharing

Report Analysis Logs

General

Target

1384-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

185c43d95b9b13e4fd61c6a528dec24b
SHA1

f7cfcbfed60ee9fcd5862d671470b2a8563385e6
SHA256

de929ee1ff829d76f6815b4e29afa109c73c78842c95adb615f10293278fc793
SHA512

e5971f5493b1963683c0ad8cf9c6e9ad250452e1bd04fed453397b0f96ea94555c1b9a2f15a85ee0aef2fcc240fde94c3fdaa4c0ba1c864acfa0808309a388ba

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process

1172 656 WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 656 wrote to memory of 1172	656	rundll32.exe	WerFault.exe
PID 656 wrote to memory of 1172	656	rundll32.exe	WerFault.exe
PID 656 wrote to memory of 1172	656	rundll32.exe	WerFault.exe

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 656 -s 56
1⤵
- Program crash
PID:1172

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1384-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:656

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1172-54-0x0000000000000000-mapping.dmp

Download