7655fb7e58f16fa01b68dfd7711d4f947adbc7d95e38f248349285f6c19ce841 | Triage

Analysis

max time kernel
39s
max time network
42s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-07-2022 18:55

Sharing

Report Analysis Logs

General

Target

1712-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

ab7c210fadf17a229711b611a7420805
SHA1

386b7767aaba42b18c475676667b90fdf10be578
SHA256

7655fb7e58f16fa01b68dfd7711d4f947adbc7d95e38f248349285f6c19ce841
SHA512

ec4a771b23c9fe83ef8ca99dbfaa4ce752bcc35c6cc38238bb3bd772c8f960ab467313c4616e69d67d40ce2d1410f997d52d3894d49bd2a8f2695857d40d19a1

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1980 908 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 908 wrote to memory of 1980	908	rundll32.exe	WerFault.exe
PID 908 wrote to memory of 1980	908	rundll32.exe	WerFault.exe
PID 908 wrote to memory of 1980	908	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1712-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:908

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 908 -s 56
2⤵
- Program crash
PID:1980

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1980-54-0x0000000000000000-mapping.dmp

Download