eb2544f1996d6687c5f94f6a74fe0c27279a2d5ffad99e76d7d0e24c290b81be | Triage

Analysis

max time kernel
34s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 14:46

Sharing

Report Analysis Logs

General

Target

JConfig.dll
Size

56KB
MD5

89a129c4737d35fc9676dbe6901537c5
SHA1

db75a20643f60cbf2e9e1ffb4b57662ecd20c1bb
SHA256

c097e68886c8a14c37d3df03d43d40f2ecf592c4b1f373dd245cbf650b693bb4
SHA512

5fd1584f676d536a8cbf0468a4a58b08e60807c430e7446b18be5230252aa17100299c82b1f355a7eb6a4077ed2c702666a381cf64da59c2e668807d8fa1b7d4
SSDEEP

1536:q2KpfwKZCH4mnlDjjgUJ82/y64alUK8Z7:q0K8H4mnlLJ82/L38Z7

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1144	1012	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1920 wrote to memory of 1012	1920	rundll32.exe	28
PID 1012 wrote to memory of 1144	1012	rundll32.exe	29
PID 1012 wrote to memory of 1144	1012	rundll32.exe	29
PID 1012 wrote to memory of 1144	1012	rundll32.exe	29
PID 1012 wrote to memory of 1144	1012	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JConfig.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JConfig.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
    3⤵
    - Program crash
    PID:1144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1012-55-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download