b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da | Triage

Analysis

max time kernel
20s
max time network
26s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
07-07-2022 22:17

Sharing

Report Analysis Logs

General

Target

b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da.dll
Size

206KB
MD5

43a245f94f479a1b5d6e6f3fa4c71e1a
SHA1

5e0118c611d2907e0232e0549c33845a8251e9df
SHA256

b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da
SHA512

2b36e42a72e3f5ce6b32a6bfa6d6d908eeb963ad12b2f5154ad95c9b6d4f35d98af64d9380730bed2672b0d260d4808a62412bdd139d7f8a18cb1db9458d9868

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5016 4748 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4780 wrote to memory of 4748	4780	rundll32.exe	rundll32.exe
PID 4780 wrote to memory of 4748	4780	rundll32.exe	rundll32.exe
PID 4780 wrote to memory of 4748	4780	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4780

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b63d83089effe2fc647f703183fe6ab7d0ae8a4f0df375c2bd1f22a10bbc67da.dll,#1
2⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 632
3⤵
- Program crash
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4748 -ip 4748
1⤵
PID:3984

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4748-130-0x0000000000000000-mapping.dmp

Download