11db22aa3e436554178c26396d231b0efc7d4e35106207c5a9cabcd95ae4971e | Triage

Analysis

max time kernel
42s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-07-2022 18:52

Sharing

Report Analysis Logs

General

Target

1704-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

67e80085a956d2d7631d7f4728f4b870
SHA1

a91dc2a654c62ab33bb25a730ed3b7f167a206b2
SHA256

11db22aa3e436554178c26396d231b0efc7d4e35106207c5a9cabcd95ae4971e
SHA512

87e4c2b5f793d9a3f44c3b34f2fed4ef364c7ad4aaf4c04235b3640ad839a53a27f150c859da535d24f03654a9e2ae65a94c1aea34f23607366aabda4e7d86e3

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1884 1580 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1580 wrote to memory of 1884	1580	rundll32.exe	WerFault.exe
PID 1580 wrote to memory of 1884	1580	rundll32.exe	WerFault.exe
PID 1580 wrote to memory of 1884	1580	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1704-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1580

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1580 -s 56
2⤵
- Program crash
PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-54-0x0000000000000000-mapping.dmp

Download