a5f9fff484cdf95a86a88d94c45f69fae77bb92a996bcd1ffb5b01a182101036 | Triage

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
13-10-2022 00:51

Sharing

Report Analysis Logs

General

Target

dd204ab6-b2ca-4f8c-8f6b-b70093a2ec80.dll
Size

2.0MB
MD5

442f4e07da9878d04b1ec48c1db92648
SHA1

4cbba55450697ea6f9459623f4801cef0d7259ac
SHA256

8d58bea19cc529526e670de83d3e3009d5e69447ca41d9c3d45013a3b683da83
SHA512

857d8df09b37d57771f080490451f03832e1a42dc83fe7aa18fbda643c58e48371c11807e5a8a943060b3934b72d8ecb15b283b604a856f997ebfbe155ea442e
SSDEEP

49152:hESQEiUQsu5LJvbqdpwKaeiSk6+OJyR8:PQ6SvvbqViSk67J88

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1256 1140 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1140 wrote to memory of 1256	1140	rundll32.exe	WerFault.exe
PID 1140 wrote to memory of 1256	1140	rundll32.exe	WerFault.exe
PID 1140 wrote to memory of 1256	1140	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd204ab6-b2ca-4f8c-8f6b-b70093a2ec80.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1140

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1140 -s 84
2⤵
- Program crash
PID:1256

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1256-54-0x0000000000000000-mapping.dmp

Download