593fa2aa2474508ad942bbaa0fdc9a1badd81c85b0dff1c43b90a47c23ad5fb7 | Triage

Analysis

max time kernel
61s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24/03/2023, 17:24

Sharing

Report Analysis Logs

General

Target

api-ms-win-core-namedpipe-l1-1-0.dll
Size

18KB
MD5

a056d4eeaae37deab8333dcc4c910a93
SHA1

cb59f1fe73c17446eb196fc0dd7d944a0cd9d81f
SHA256

593fa2aa2474508ad942bbaa0fdc9a1badd81c85b0dff1c43b90a47c23ad5fb7
SHA512

c2f811994182ef51d0c011c19336179da69357e5f284f787bcdb54f90c32768a959232a477534f7e62cd3d71a048a13e91b20042e2fe6ab108d606c7c8df9255
SSDEEP

384:eW1hWU5OZkum0GftpBjxKvm3SQTlUK3dsDT:1noVimvf6sDT

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
892	904	WerFault.exe	18

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 892	904	rundll32.exe	28
PID 904 wrote to memory of 892	904	rundll32.exe	28
PID 904 wrote to memory of 892	904	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-namedpipe-l1-1-0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 904 -s 84
  2⤵
  - Program crash
  PID:892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads