4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651 | Triage

Resubmissions

14-07-2022 15:44

220714-s6rhjscbe8 10

06-07-2022 11:56

220706-n4bxvsede8 3

Analysis

max time kernel
48s
max time network
51s
platform
windows7_x64
resource
win7-20220414-en
submitted
14-07-2022 15:44

Sharing

Report Analysis Logs

General

Target

4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651.dll
Size

188KB
MD5

2410d0d7c20597d9b65f237f9c4ce6c9
SHA1

cd807d416897d84c8aeeccf92096186ffe62cf58
SHA256

4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651
SHA512

54b04d63f76c8ad86d1bb65982b10a4cb41b8a840224f93469cb17ba8e157d7c1794e22a84660911a1e033388e28080b606971b059e30ca51a3d54150426b8f8

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1144 604 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 604 wrote to memory of 1144	604	rundll32.exe	WerFault.exe
PID 604 wrote to memory of 1144	604	rundll32.exe	WerFault.exe
PID 604 wrote to memory of 1144	604	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ba880c1080b2bb71989b267576f145fe5500a5672f73750bfcefb72a3d4c651.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:604

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 604 -s 84
2⤵
- Program crash
PID:1144

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1144-54-0x0000000000000000-mapping.dmp

Download