5e078d6381562de5792dc64787ff4e098595e69ac4166109a1e4e8ae11a135b9 | Triage

Analysis

max time kernel
172s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2022 21:40

Sharing

Report Analysis Logs

General

Target

5e078d6381562de5792dc64787ff4e098595e69ac4166109a1e4e8ae11a135b9.dll
Size

203KB
MD5

763f6232cf2d1f16d2ed2bdfa5a0b86a
SHA1

b164eb9361a71e76f3abcef54996e86e88581078
SHA256

5e078d6381562de5792dc64787ff4e098595e69ac4166109a1e4e8ae11a135b9
SHA512

b2afdf7b27aa5973db61d07863fee4545ff2944e424ee3a22f61dd63a311387a2afdb975000555e73f2d3c23395447c2a7c309d991073fcb50edf30f5bbb3cfd

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2236 1976 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1728 wrote to memory of 1976	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1976	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1976	1728	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e078d6381562de5792dc64787ff4e098595e69ac4166109a1e4e8ae11a135b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e078d6381562de5792dc64787ff4e098595e69ac4166109a1e4e8ae11a135b9.dll,#1
2⤵
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 632
3⤵
- Program crash
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1976 -ip 1976
1⤵
PID:4892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1976-130-0x0000000000000000-mapping.dmp

Download