cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327 | Triage

Resubmissions

12-04-2022 11:48

220412-nyx8xabccl 3

12-04-2022 08:59

220412-kxqkwshehj 10

Analysis

max time kernel
4294183s
max time network
125s
platform
windows7_x64
resource
win7-20220310-en
submitted
12-04-2022 08:59

Sharing

Report Analysis Logs

General

Target

cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe
Size

624KB
MD5

9ec8468dd4a81b0b35c499b31e67375e
SHA1

6fa04992c0624c7aa3ca80da6a30e6de91226a16
SHA256

cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327
SHA512

bd6b37a0395f0ae508c54dcb62d5258adfb8c202605db8310c6b8758c3874bd2364491b1b129209ba1854df27f35149f891ac785a89fe26ddc45c40cad8023b2

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1772 1452 WerFault.exe cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe

description	pid	process	target process
PID 1452 wrote to memory of 1772	1452	cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe	WerFault.exe
PID 1452 wrote to memory of 1772	1452	cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe	WerFault.exe
PID 1452 wrote to memory of 1772	1452	cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe	WerFault.exe
PID 1452 wrote to memory of 1772	1452	cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe
"C:\Users\Admin\AppData\Local\Temp\cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 156
2⤵
- Program crash
PID:1772

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1452-54-0x0000000075A31000-0x0000000075A33000-memory.dmp

Filesize
8KB

Download
memory/1772-55-0x0000000000000000-mapping.dmp

Download