3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805 | Triage

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 14:24

Sharing

Report Analysis Logs

General

Target

3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll
Size

206KB
MD5

47e80349b40b21f381458fa84c82cb83
SHA1

d401ad0be19247cef815444621c6c5db5ecea216
SHA256

3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805
SHA512

3b01fe5353ef94ff7961589d31de9fe5b38dc38bb289464dc54fbde56966f7b59d26af4340930dea8cdd438f793e4340422f3acfadf9bf586a4d2af60b8715ce

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1944 1728 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1864 wrote to memory of 1728	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1728	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1728	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1728	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1728	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1728	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1728	1864	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1944	1728	rundll32.exe	WerFault.exe
PID 1728 wrote to memory of 1944	1728	rundll32.exe	WerFault.exe
PID 1728 wrote to memory of 1944	1728	rundll32.exe	WerFault.exe
PID 1728 wrote to memory of 1944	1728	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1864

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 244
3⤵
- Program crash
PID:1944

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-54-0x0000000000000000-mapping.dmp

Download
memory/1728-55-0x0000000075AE1000-0x0000000075AE3000-memory.dmp

Filesize
8KB

Download
memory/1944-56-0x0000000000000000-mapping.dmp

Download