dbc5cf3d2f43a38f12ddaa8a676060540f42ee1b974187a7ae70df1df59da910 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
02-07-2022 16:39

Sharing

Report Analysis Logs

General

Target

payload (1).dll
Size

255KB
MD5

a257e8c455576123b2c827f9509ecc5b
SHA1

49e01127127e9a21eb5c830b4afd5ef4f76764c8
SHA256

dbc5cf3d2f43a38f12ddaa8a676060540f42ee1b974187a7ae70df1df59da910
SHA512

9a1628c7911b2744c7c4befd1e3e6fd01bb81eafa1d8ca23a5b1412d02042695c6da7d70f322ad90c054307f864ca2c045238334408403d5082ad4e5bdc91f0e

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1840 1992 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1992 wrote to memory of 1840	1992	rundll32.exe	WerFault.exe
PID 1992 wrote to memory of 1840	1992	rundll32.exe	WerFault.exe
PID 1992 wrote to memory of 1840	1992	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\payload (1).dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1992 -s 108
2⤵
- Program crash
PID:1840

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1840-54-0x0000000000000000-mapping.dmp

Download