fb28e25e507880d596ae8d4b210c6df6719283e610c24bf27d7b09ca7a12d469 | Triage

Analysis

max time kernel
3s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
25/05/2023, 01:58

Sharing

Report Analysis Logs

General

Target

REAPER5.dll
Size

3KB
MD5

83a4486739b224487c2bc2f37fa9d87e
SHA1

afeb9c4992c2dfae3095e831704d04e3f66304dc
SHA256

fb28e25e507880d596ae8d4b210c6df6719283e610c24bf27d7b09ca7a12d469
SHA512

89fad9a63cb475ab647838a97464e1cd42904d0cc22fd62404a8a5fabbef6b9f16a7919445f55d120a2ba4e2456472cb43e1e624cb849d315af9bc6a69a54ab3

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2036	2024	WerFault.exe	20

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2036	2024	rundll32.exe	28
PID 2024 wrote to memory of 2036	2024	rundll32.exe	28
PID 2024 wrote to memory of 2036	2024	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\REAPER5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2024 -s 84
  2⤵
  - Program crash
  PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-54-0x0000000180000000-0x0000000180007000-memory.dmp

Filesize
28KB

Download