2872fa697d7664406de1e7c52170744f25eb89978c19349c7f9185fe6d9cbff6 | Triage

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 21:40

Sharing

Report Analysis Logs

General

Target

de929ee1ff829d76f6815b4e29afa109c73c78842c95adb615f10293278fc793.dll
Size

36KB
MD5

185c43d95b9b13e4fd61c6a528dec24b
SHA1

f7cfcbfed60ee9fcd5862d671470b2a8563385e6
SHA256

de929ee1ff829d76f6815b4e29afa109c73c78842c95adb615f10293278fc793
SHA512

e5971f5493b1963683c0ad8cf9c6e9ad250452e1bd04fed453397b0f96ea94555c1b9a2f15a85ee0aef2fcc240fde94c3fdaa4c0ba1c864acfa0808309a388ba

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2020 2008 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2008 wrote to memory of 2020	2008	rundll32.exe	WerFault.exe
PID 2008 wrote to memory of 2020	2008	rundll32.exe	WerFault.exe
PID 2008 wrote to memory of 2020	2008	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de929ee1ff829d76f6815b4e29afa109c73c78842c95adb615f10293278fc793.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2008 -s 56
2⤵
- Program crash
PID:2020

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-54-0x0000000000000000-mapping.dmp

Download