87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf | Triage

Analysis

max time kernel
41s
max time network
42s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 19:47

Sharing

Report Analysis Logs

General

Target

87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe
Size

664KB
MD5

7b7562a6fee4b75e2422eb9b2faecd5c
SHA1

f50fc80dfa8c00ea6d3b576963d4062fda21c1d9
SHA256

87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf
SHA512

5d2077ce58c0d592740711e283203bb97a7ea0f33d7b84861141d99cc924c6999f180e7a4c3e5cb34e32d6821308514585117384fe93e7dcd2871eb2d2a1cff5

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2028 756 WerFault.exe 87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe

description	pid	process	target process
PID 756 wrote to memory of 2028	756	87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe	WerFault.exe
PID 756 wrote to memory of 2028	756	87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe	WerFault.exe
PID 756 wrote to memory of 2028	756	87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe	WerFault.exe
PID 756 wrote to memory of 2028	756	87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe
"C:\Users\Admin\AppData\Local\Temp\87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 548
2⤵
- Program crash
PID:2028

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/756-54-0x00000000008A0000-0x000000000094C000-memory.dmp

Filesize
688KB

Download
memory/2028-55-0x0000000000000000-mapping.dmp

Download