0f888907403ebaee309e7927c72e5ebd6aca817209fd1a5a8ceaa0b028116fcd | Triage

Analysis

max time kernel
40s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 22:47

Sharing

Report Analysis Logs

General

Target

req.exe
Size

194KB
MD5

5c0efa906b43ad42826a5fa894fa8b95
SHA1

f08ee13771c5608b7e18087b8e3ffd2076a114e8
SHA256

347be975b764b78ec7860ee7c61c443fb63d6d330e7897acb8ac701cf37bb685
SHA512

82bcf52a00ddbaba072064aaacd95df401675f28cc0844a15d316047cc4788ed7d6335397dccf8b5f4da78e3acd24d24a7ccb188941ecb1c854ff681c8ca8792

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1944 892 WerFault.exe req.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

req.exe

description	pid	process	target process
PID 892 wrote to memory of 1944	892	req.exe	WerFault.exe
PID 892 wrote to memory of 1944	892	req.exe	WerFault.exe
PID 892 wrote to memory of 1944	892	req.exe	WerFault.exe
PID 892 wrote to memory of 1944	892	req.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\req.exe
"C:\Users\Admin\AppData\Local\Temp\req.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 532
2⤵
- Program crash
PID:1944

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/892-54-0x00000000009D0000-0x0000000000A06000-memory.dmp

Filesize
216KB

Download
memory/1944-55-0x0000000000000000-mapping.dmp

Download