4aeff5a6879a17784d3765643eec3fc70efc6cbbeb469de29cda8f9b9d3a8138 | Triage

Analysis

max time kernel
77s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
08-12-2022 14:49

Sharing

Report Analysis Logs

General

Target

developer/nevertheless.dll
Size

209KB
MD5

bc47f431d704a935bdd20d65aceab8df
SHA1

9729b10dde412058d36636a7522996651aaabe9f
SHA256

4125a812e9d57cce27ab819705a96634ec91ce23cf7dc2c36e82ba15ec4fe184
SHA512

96c49bd4204c7501ddc08cc39d0a7930636d22a435501fefa8d8de89a70a568ae74e76afe3575464812555f7ef8f77c31e87cb477cf4cf47a38620b453e84f59
SSDEEP

6144:s7N2DFx/kYWK4XDfAW2C//+777777Lw9oHMAqLa8F3u8:s5O//r777777LwmqLbF3u8

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

268 920 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 920 wrote to memory of 268	920	rundll32.exe	WerFault.exe
PID 920 wrote to memory of 268	920	rundll32.exe	WerFault.exe
PID 920 wrote to memory of 268	920	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\developer\nevertheless.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:920

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 920 -s 84
2⤵
- Program crash
PID:268

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/268-54-0x0000000000000000-mapping.dmp

Download