8c91922ef5d9c2405aa4b9a09c0c7aca885fd26b40335297084c9909c8ceb1a0 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
12-08-2022 08:35

Sharing

Report Analysis Logs

General

Target

288-54-0x0000000180000000-0x0000000180009000-memory.dll
Size

36KB
MD5

578812220c9b47cad81682df0cfd7541
SHA1

9cc70649799fc3185182d8a1035b933dfd619e8c
SHA256

8c91922ef5d9c2405aa4b9a09c0c7aca885fd26b40335297084c9909c8ceb1a0
SHA512

aeacff5dce1345395fa7da7558d321ab54a25475d41019c75bcf11f4a70e53b3e096d9e1aa7a98a1f24fb77accfe85d59f57de0c84cdb5d18f360bcb460f0d9c

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2032 1912 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1912 wrote to memory of 2032	1912	rundll32.exe	WerFault.exe
PID 1912 wrote to memory of 2032	1912	rundll32.exe	WerFault.exe
PID 1912 wrote to memory of 2032	1912	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\288-54-0x0000000180000000-0x0000000180009000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1912 -s 56
2⤵
- Program crash
PID:2032

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-54-0x0000000000000000-mapping.dmp

Download