3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805 | Triage

Analysis

max time kernel
91s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-07-2022 14:24

Sharing

Report Analysis Logs

General

Target

3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll
Size

206KB
MD5

47e80349b40b21f381458fa84c82cb83
SHA1

d401ad0be19247cef815444621c6c5db5ecea216
SHA256

3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805
SHA512

3b01fe5353ef94ff7961589d31de9fe5b38dc38bb289464dc54fbde56966f7b59d26af4340930dea8cdd438f793e4340422f3acfadf9bf586a4d2af60b8715ce

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3520 60 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4220 wrote to memory of 60	4220	rundll32.exe	rundll32.exe
PID 4220 wrote to memory of 60	4220	rundll32.exe	rundll32.exe
PID 4220 wrote to memory of 60	4220	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4220

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd21d830f6e876e030a7bd76c657ee940afac1785690438475cb0a15c3b1805.dll,#1
2⤵
PID:60

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 680
3⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 60 -ip 60
1⤵
PID:544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/60-130-0x0000000000000000-mapping.dmp

Download