766f8304aa55b1fdc64ea68e37a16c09f7e0d689cc4364e36b4720d4d94d5d57 | Triage

Analysis

max time kernel
42s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
07-07-2022 17:42

Sharing

Report Analysis Logs

General

Target

748-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

05dd11df0172f9ebbb2c0adc979db071
SHA1

ab4b1e7e797e164c4a3be9d3c260a0240fac549d
SHA256

766f8304aa55b1fdc64ea68e37a16c09f7e0d689cc4364e36b4720d4d94d5d57
SHA512

ff77e3813995cb90dad565c5a84d0bd0fb26d92b205d82596157e3c56bd50c067098d5f341f4c70ba2705880dc3a62714fa1025c11d4837b352fa2f1eb9fc0ee

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1748 968 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 968 wrote to memory of 1748	968	rundll32.exe	WerFault.exe
PID 968 wrote to memory of 1748	968	rundll32.exe	WerFault.exe
PID 968 wrote to memory of 1748	968	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\748-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:968

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 968 -s 56
2⤵
- Program crash
PID:1748

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-54-0x0000000000000000-mapping.dmp

Download