e43afd365ec5dd152b793efdb8d2c43368df2a339b9a7f1dbeabffb27e1656c8 | Triage

Analysis

max time kernel
231s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2022 06:19

Sharing

Report Analysis Logs

General

Target

r77-x86.dll
Size

1013KB
MD5

93b6d3aec02f007349adf0b6f4364b62
SHA1

3d365cb07f09c72f216cd93817352a58d2238780
SHA256

e43afd365ec5dd152b793efdb8d2c43368df2a339b9a7f1dbeabffb27e1656c8
SHA512

74c9ded9468cba9dc66e6b285a43a5122eb89853a603c5b2a39c689a9e2aaaf7bef70738269e262ce70c15c43acf10afd81f333ed1a0bee4ce6cb5d8a03bc685
SSDEEP

12288:aS5/WvHcNW3hP+3iihuu9WvsktOhIXhvANPfnDy/5useu3C5snP+jin:aSFm0WR+ndvhIXhvARfnDw51NPN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1608 4396 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4344 wrote to memory of 4396	4344	rundll32.exe	rundll32.exe
PID 4344 wrote to memory of 4396	4344	rundll32.exe	rundll32.exe
PID 4344 wrote to memory of 4396	4344	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\r77-x86.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4344

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\r77-x86.dll,#1
2⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 628
3⤵
- Program crash
PID:1608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4396 -ip 4396
1⤵
PID:2504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4396-132-0x0000000000000000-mapping.dmp

Download
memory/4396-133-0x000000006F610000-0x000000006F620000-memory.dmp

Filesize
64KB

Download
memory/4396-134-0x0000000074F20000-0x0000000075085000-memory.dmp

Filesize
1.4MB

Download
memory/4396-135-0x0000000074F20000-0x0000000075085000-memory.dmp

Filesize
1.4MB

Download