ecc615dd40cfacd5bd9574766cbc9ac17357a77144c9d80f87306d8ce52ac4e6 | Triage

Analysis

max time kernel
4294179s
max time network
120s
platform
windows7_x64
resource
win7-20220310-en
submitted
22-03-2022 09:35

Sharing

Report Analysis Logs

General

Target

sample.exe
Size

8KB
MD5

3f092778b84602db614514ed3f5518a0
SHA1

f18841fa31d8972e2dc1a21940d32ff23ed91ad9
SHA256

b409fb8afdcdbdc248b15615899e4e306ded93320dad392a078972cf1c0b7086
SHA512

875300b552bc23266b49c7f6bfb955547a1b3b46f89901304f2351cea7b63dfc8bfc9f926e645141dd5bd3f57224aee07b871061333a6347af93dc30ec37088e

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1648 960 WerFault.exe sample.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

sample.exe

description	pid	process	target process
PID 960 wrote to memory of 1648	960	sample.exe	WerFault.exe
PID 960 wrote to memory of 1648	960	sample.exe	WerFault.exe
PID 960 wrote to memory of 1648	960	sample.exe	WerFault.exe
PID 960 wrote to memory of 1648	960	sample.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\sample.exe
"C:\Users\Admin\AppData\Local\Temp\sample.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 552
2⤵
- Program crash
PID:1648

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-54-0x0000000074D80000-0x000000007546E000-memory.dmp

Filesize
6.9MB

Download
memory/960-55-0x0000000000F00000-0x0000000000F08000-memory.dmp

Filesize
32KB

Download