79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
14-05-2022 13:50

Sharing

Report Analysis Logs

General

Target

79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe
Size

1.1MB
MD5

d3021071b734890e96b5c842a110b0a9
SHA1

4641e2b0cc28e0fbab2770b518026d7a84e1556d
SHA256

79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492
SHA512

65b3b0e663f9d88d854774f9846599059eec4a87c7cac5c6c55f77092d017dc26a8af464e105df23a26ba0e61c567aa55efae80f7ae7874c2727d1f6f43565f6

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2008 1208 WerFault.exe 79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe

description	pid	process	target process
PID 1208 wrote to memory of 2008	1208	79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe	WerFault.exe
PID 1208 wrote to memory of 2008	1208	79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe	WerFault.exe
PID 1208 wrote to memory of 2008	1208	79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe	WerFault.exe
PID 1208 wrote to memory of 2008	1208	79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe
"C:\Users\Admin\AppData\Local\Temp\79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 536
2⤵
- Program crash
PID:2008

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1208-54-0x0000000000D70000-0x0000000000E8E000-memory.dmp

Filesize
1.1MB

Download
memory/2008-55-0x0000000000000000-mapping.dmp

Download