Analysis
-
max time kernel
50s
-
max time network
46s
-
platform
windows7_x64
-
resource
win7-20220414-en
-
submitted
12-05-2022 09:20
Static task
static1
Behavioral task
behavioral1
Sample
EXPORT INVOICE.pdf.scr
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
EXPORT INVOICE.pdf.scr
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
EXPORT INVOICE.pdf.scr
-
Size
789KB
-
MD5
2cf09341b87d20404a6d824305ea5419
-
SHA1
ec9de894d7cb09ed3940db31dfc7a39cc1280acd
-
SHA256
2b21885c68cf8bcee3be7e08574372130a42c74a047b1f962cc5e270bb7b543e
-
SHA512
db8e247a8192ee53b96ee12a9b1e120e904b58b96f5ea3687d10bda3ea16d479bfe2da0db07b633b35bc03da9665d8ebe13a0e494a481bd88a76c30b79c2dbe9
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
944 | 1324 | WerFault.exe | EXPORT INVOICE.pdf.scr
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
EXPORT INVOICE.pdf.scr
description | pid | process | target process
PID 1324 wrote to memory of 944 | 1324 | EXPORT INVOICE.pdf.scr | WerFault.exe
PID 1324 wrote to memory of 944 | 1324 | EXPORT INVOICE.pdf.scr | WerFault.exe
PID 1324 wrote to memory of 944 | 1324 | EXPORT INVOICE.pdf.scr | WerFault.exe
PID 1324 wrote to memory of 944 | 1324 | EXPORT INVOICE.pdf.scr | WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/944-57-0x0000000000000000-mapping.dmp
-
memory/1324-54-0x0000000000970000-0x0000000000A3A000-memory.dmp
Filesize
808KB
-
memory/1324-55-0x0000000076011000-0x0000000076013000-memory.dmp
Filesize
8KB
-
memory/1324-56-0x0000000000560000-0x0000000000568000-memory.dmp
Filesize
32KB