b1aeb3ccabe1414b2315e414bbfe9c3295c81857b1ca180b22cec81cde2f7748 | Triage

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-07-2022 19:06

Sharing

Report Analysis Logs

General

Target

1564-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

687afe8d580b6ebb92bde325e349a148
SHA1

8bf409991beca6a454dd7acb7d9fa8ecb90bb7c6
SHA256

b1aeb3ccabe1414b2315e414bbfe9c3295c81857b1ca180b22cec81cde2f7748
SHA512

29c22cfeec6daf9d4a5c02deb1a5f04773ebcfd2f686546aa39d5f3e8a29ca61b42762cc638c59efd8cd8938f21a2c7732dea80299aae49ee8527f67dd9f0a7d

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

240 1944 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1944 wrote to memory of 240	1944	rundll32.exe	WerFault.exe
PID 1944 wrote to memory of 240	1944	rundll32.exe	WerFault.exe
PID 1944 wrote to memory of 240	1944	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1564-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1944 -s 56
2⤵
- Program crash
PID:240

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/240-54-0x0000000000000000-mapping.dmp

Download