4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651 | Triage

Resubmissions

14-07-2022 15:44

220714-s6rhjscbe8 10

06-07-2022 11:56

220706-n4bxvsede8 3

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
06-07-2022 11:56

Sharing

Report Analysis Logs

General

Target

4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651.dll
Size

188KB
MD5

2410d0d7c20597d9b65f237f9c4ce6c9
SHA1

cd807d416897d84c8aeeccf92096186ffe62cf58
SHA256

4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651
SHA512

54b04d63f76c8ad86d1bb65982b10a4cb41b8a840224f93469cb17ba8e157d7c1794e22a84660911a1e033388e28080b606971b059e30ca51a3d54150426b8f8

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1256	272	WerFault.exe	13

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 272 wrote to memory of 1256	272	rundll32.exe	28
PID 272 wrote to memory of 1256	272	rundll32.exe	28
PID 272 wrote to memory of 1256	272	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:272
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 272 -s 84
  2⤵
  - Program crash
  PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads