dbdd02d3fc196dd03b6f970e8bb08d82896d35b72878c09daa0ab36efcb19cf0 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
06-05-2022 14:34

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

1.1MB
MD5

f2b83c2075be8c51ada1ac1b2366095e
SHA1

f1dbf47b7e225bd92bd8d1a14ea832117f7c1037
SHA256

dbdd02d3fc196dd03b6f970e8bb08d82896d35b72878c09daa0ab36efcb19cf0
SHA512

7fdaf5cb281658bd7a8e4088ec8609a3bdd0b07bd029cb8390c9ff3823c854d2d51462bfc4bca8cf2af709e1986ee9eaec33c0be4ca68c759e631e31d85470fe

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2028 388 WerFault.exe tmp.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 388 wrote to memory of 2028	388	tmp.exe	WerFault.exe
PID 388 wrote to memory of 2028	388	tmp.exe	WerFault.exe
PID 388 wrote to memory of 2028	388	tmp.exe	WerFault.exe
PID 388 wrote to memory of 2028	388	tmp.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 544
2⤵
- Program crash
PID:2028

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/388-54-0x0000000000E30000-0x0000000000F5A000-memory.dmp

Filesize
1.2MB

Download
memory/2028-55-0x0000000000000000-mapping.dmp

Download