59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe | Triage

Analysis

max time kernel
86s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2022 02:58

Sharing

Report Analysis Logs

General

Target

59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll
Size

57KB
MD5

b7b90e1cc763199c625c330ae1400ca1
SHA1

3868d3929c95187bc99640da54684b20d75cb384
SHA256

59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe
SHA512

a3dc2482c3d79a2be9db4373e2d59e8b2bee91d2f7f7dee542f6e13b895b868c62d318061a15f5bafac7720aac11e2bb99f26d44801cc51e057015d7d704a4f8

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4680 2552 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2472 wrote to memory of 2552	2472	rundll32.exe	rundll32.exe
PID 2472 wrote to memory of 2552	2472	rundll32.exe	rundll32.exe
PID 2472 wrote to memory of 2552	2472	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2472

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll,#1
2⤵
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 636
3⤵
- Program crash
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2552 -ip 2552
1⤵
PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2552-130-0x0000000000000000-mapping.dmp

Download
memory/2552-131-0x0000000002740000-0x000000000293A000-memory.dmp

Filesize
2.0MB

Download