8a43438cac9d6a4aefc0fe461597b060eb7adaf5e8b032cdee1e9f0ac50ba3a6 | Triage

Analysis

max time kernel
45s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-07-2022 19:00

Sharing

Report Analysis Logs

General

Target

1336-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

66f5689d4fd6ffce986cfd0bc7b481bb
SHA1

fca87f47b9f9a6a0eeadfd52e5b4c23d13d784ef
SHA256

8a43438cac9d6a4aefc0fe461597b060eb7adaf5e8b032cdee1e9f0ac50ba3a6
SHA512

8bf579eee44711e7b225116b0e2bc317273f1ce4f77c7b7fde2cccdda746a98e699bf81a7bb5ba45f1d6a8ffb5507a156729be69086fd9828ae264fb2937884c

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1668 1452 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1452 wrote to memory of 1668	1452	rundll32.exe	WerFault.exe
PID 1452 wrote to memory of 1668	1452	rundll32.exe	WerFault.exe
PID 1452 wrote to memory of 1668	1452	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1336-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1452

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1452 -s 56
2⤵
- Program crash
PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-54-0x0000000000000000-mapping.dmp

Download