ce85954189b88a7ad99ba2c31da1b4e0a645db1c746df1f9f5f85e4cc6fdc5e7 | Triage

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
17-05-2022 09:56

Sharing

Report Analysis Logs

General

Target

RFQ.DOCUMENT.bit.exe
Size

740KB
MD5

cf0a1c704adde7c2c544ec000173cd32
SHA1

164f8a60115206f790c22c54e9826c89571ba12f
SHA256

ce85954189b88a7ad99ba2c31da1b4e0a645db1c746df1f9f5f85e4cc6fdc5e7
SHA512

d64ef6526c0266e95caf47742d772a68b7dab90bbc95897b70ecc363a48bcfb0e28d056c298b3d31b8b7175892e05801fb6a231e4989010f9d20ea3aac1ce551

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1284	1236	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 1284	1236	RFQ.DOCUMENT.bit.exe	27
PID 1236 wrote to memory of 1284	1236	RFQ.DOCUMENT.bit.exe	27
PID 1236 wrote to memory of 1284	1236	RFQ.DOCUMENT.bit.exe	27
PID 1236 wrote to memory of 1284	1236	RFQ.DOCUMENT.bit.exe	27

C:\Users\Admin\AppData\Local\Temp\RFQ.DOCUMENT.bit.exe
"C:\Users\Admin\AppData\Local\Temp\RFQ.DOCUMENT.bit.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 540
  2⤵
  - Program crash
  PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1236-54-0x0000000000CB0000-0x0000000000D70000-memory.dmp

Filesize
768KB

Download