b7222a595d89970162652af4632562947e64bca100e5005e44cef8dac9e908c2 | Triage

Analysis

max time kernel
119s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-02-2023 08:24

Sharing

Report Analysis Logs

General

Target

SPASTICS/QUINIBLE.dll
Size

1.0MB
MD5

a146dac7b641fff2c5c3c0cf320731aa
SHA1

0b21a4b04e79565e26e4236772d4605fc39862e7
SHA256

95ad74c1dff5293c49c955a4e77c17e6912c7b8d1fc8f5f4c6f05ac77a56a9ab
SHA512

9fa32a0d1128c90b27c31080a767b6f5c34638a436c5573af9a990acab2973b7f93116509ffd4519e0a56572d2f1640f8c7dad9310153ca7c06a752ab95f9b19
SSDEEP

24576:x7Vt9qfawrN27U1izzZaRbfp81L/Wm/nd6WrrUU9fQT:1BqfSU14Zadq1L/cWrrHfQ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

952 1992 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1992 wrote to memory of 952	1992	rundll32.exe	WerFault.exe
PID 1992 wrote to memory of 952	1992	rundll32.exe	WerFault.exe
PID 1992 wrote to memory of 952	1992	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SPASTICS\QUINIBLE.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1992 -s 84
2⤵
- Program crash
PID:952

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/952-54-0x0000000000000000-mapping.dmp

Download