add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced | Triage

Analysis

max time kernel
151s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-07-2022 14:17

Sharing

Report Analysis Logs

General

Target

add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll
Size

204KB
MD5

e8c7ab1b9803790b955c6c7c8ea7ec65
SHA1

0505f6dd1d54929e735bbe76d2c99694a8d481a6
SHA256

add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced
SHA512

6f61fcad9bd9e71f9e62b4632c93fce4bcac8fe3077677b7a0d614307403874aaf9bc6a005343b091d54aaf4840c34b1dd6d852b2e5d70a64531f7cad6657232

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3680 1424 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1780 wrote to memory of 1424	1780	rundll32.exe	rundll32.exe
PID 1780 wrote to memory of 1424	1780	rundll32.exe	rundll32.exe
PID 1780 wrote to memory of 1424	1780	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1780

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\add921ad49469bc917ec801ff341c3ae75b0d8227f9a021e012d11e61a486ced.dll,#1
2⤵
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 636
3⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1424 -ip 1424
1⤵
PID:3132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1424-130-0x0000000000000000-mapping.dmp

Download