48070f3101d14552073df2ae2c8093d2ecfe8ef1048e326fe0ef94d8d6190294 | Triage

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-07-2022 15:49

Sharing

Report Analysis Logs

General

Target

1732-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

6004da0fa1a143c540cd4f38c0d2a2f7
SHA1

107775643ebb8246280542745b5c8d0301f4e7c4
SHA256

48070f3101d14552073df2ae2c8093d2ecfe8ef1048e326fe0ef94d8d6190294
SHA512

597dbaaf727ed698c73121310d6deeba4b1a3968d593a5d9c7a2d9b1d82b5fe9fa7ecb15bf5f7023d56997bd744de35945de99c14e557c2397e8a1ddf0742c02

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

868 1836 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1836 wrote to memory of 868	1836	rundll32.exe	WerFault.exe
PID 1836 wrote to memory of 868	1836	rundll32.exe	WerFault.exe
PID 1836 wrote to memory of 868	1836	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1732-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1836

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1836 -s 56
2⤵
- Program crash
PID:868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/868-54-0x0000000000000000-mapping.dmp

Download