a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721 | Triage

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 06:28

Sharing

Report Analysis Logs

General

Target

a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721.dll
Size

206KB
MD5

13a650cd7f2b3430e2d26a489acc897f
SHA1

951899592d832f31d891e31a88acf9a19cbae9aa
SHA256

a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721
SHA512

9e8bfe2adc9f233f63361dfd456bd445b012b1fee3ec9bd372f6e98633d7c219895ca278483d0bd74b797a2a57798f0485ea5da9f28bf900831db322fe1bcac4

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2036 308 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1308 wrote to memory of 308	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 308	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 308	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 308	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 308	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 308	1308	rundll32.exe	rundll32.exe
PID 1308 wrote to memory of 308	1308	rundll32.exe	rundll32.exe
PID 308 wrote to memory of 2036	308	rundll32.exe	WerFault.exe
PID 308 wrote to memory of 2036	308	rundll32.exe	WerFault.exe
PID 308 wrote to memory of 2036	308	rundll32.exe	WerFault.exe
PID 308 wrote to memory of 2036	308	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1308

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a70146b72706db0462b4ff6b0166ce05be3cfa8ab768c88fe44b5a326b93e721.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 244
3⤵
- Program crash
PID:2036

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/308-54-0x0000000000000000-mapping.dmp

Download
memory/308-55-0x0000000075261000-0x0000000075263000-memory.dmp

Filesize
8KB

Download
memory/2036-56-0x0000000000000000-mapping.dmp

Download