9028a5967fb73c9da5cd46659cc08152e4adc78b14b015b32ee44a55b65a5498 | Triage

Analysis

max time kernel
44s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-06-2022 21:31

Sharing

Report Analysis Logs

General

Target

1672-130-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

6be68140ee0159a0d24b9e1f9d5f8df6
SHA1

625d8756bb718b2227387409492eae2aa249bf59
SHA256

9028a5967fb73c9da5cd46659cc08152e4adc78b14b015b32ee44a55b65a5498
SHA512

796791819c56e44d328f5ac172e9d64ad62e6e47185b334c79a8f82770080faccf94034470252fb4cae6be54d9ae68201ee02c5fe03d85220b8683efc5569c91

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1708 1928 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1928 wrote to memory of 1708	1928	rundll32.exe	WerFault.exe
PID 1928 wrote to memory of 1708	1928	rundll32.exe	WerFault.exe
PID 1928 wrote to memory of 1708	1928	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1672-130-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1928 -s 56
2⤵
- Program crash
PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-54-0x0000000000000000-mapping.dmp

Download