ecc615dd40cfacd5bd9574766cbc9ac17357a77144c9d80f87306d8ce52ac4e6 | Triage

Analysis

max time kernel
4294179s
max time network
120s
platform
windows7_x64
resource
win7-20220310-en
submitted
22/03/2022, 09:35

Sharing

Report Analysis Logs

General

Target

sample.exe
Size

8KB
MD5

3f092778b84602db614514ed3f5518a0
SHA1

f18841fa31d8972e2dc1a21940d32ff23ed91ad9
SHA256

b409fb8afdcdbdc248b15615899e4e306ded93320dad392a078972cf1c0b7086
SHA512

875300b552bc23266b49c7f6bfb955547a1b3b46f89901304f2351cea7b63dfc8bfc9f926e645141dd5bd3f57224aee07b871061333a6347af93dc30ec37088e

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1648	960	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 1648	960	sample.exe	27
PID 960 wrote to memory of 1648	960	sample.exe	27
PID 960 wrote to memory of 1648	960	sample.exe	27
PID 960 wrote to memory of 1648	960	sample.exe	27

C:\Users\Admin\AppData\Local\Temp\sample.exe
"C:\Users\Admin\AppData\Local\Temp\sample.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 552
  2⤵
  - Program crash
  PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-54-0x0000000074D80000-0x000000007546E000-memory.dmp

Filesize
6.9MB

Download
memory/960-55-0x0000000000F00000-0x0000000000F08000-memory.dmp

Filesize
32KB

Download