51de40c31c3436ee5c701985fe44aa92f7d1b097cc86ce2c203e2865de75e99b | Triage

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06-07-2023 15:06

Sharing

Report Analysis Logs

General

Target

346a686b7328d4exeexeexeex.dll
Size

208KB
MD5

346a686b7328d4b6f7970b48db45297e
SHA1

c7eff3fc24fdfe59df205c8ba812c4925616d3a3
SHA256

51de40c31c3436ee5c701985fe44aa92f7d1b097cc86ce2c203e2865de75e99b
SHA512

80832569f86be5bdaf2dec47f9e4bf95c5fc640438b822776e3842f6926df192c48f6e2b932b181e7aec098e0c51cf8424eb478fe43741d934a4560d265a8e94
SSDEEP

3072:I+FcIvEbJvYdGVWwk4Kj6olpR2B5f4dS/L4jjZUB55Ow6E:JHEbJAZwBqplpAX/Lmj9bE

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2132 2008 WerFault.exe rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2228 wrote to memory of 2008	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 2008	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 2008	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 2008	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 2008	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 2008	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 2008	2228	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 2132	2008	rundll32.exe	WerFault.exe
PID 2008 wrote to memory of 2132	2008	rundll32.exe	WerFault.exe
PID 2008 wrote to memory of 2132	2008	rundll32.exe	WerFault.exe
PID 2008 wrote to memory of 2132	2008	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\346a686b7328d4exeexeexeex.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2228

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\346a686b7328d4exeexeexeex.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 244
3⤵
- Program crash
PID:2132

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...