a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541 | Triage

Analysis

max time kernel
1596s
max time network
1600s
platform
windows7_x64
resource
win7-20220414-en
submitted
05-06-2022 15:16

Sharing

Report Analysis Logs

General

Target

a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe
Size

206KB
MD5

fb004cbf4dc92676367d9cf6a28ecc71
SHA1

4bff625571dbc7b695b49fa94556ab0d130519aa
SHA256

a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541
SHA512

9c6102e0cee339d1a0b4baee80786459a22486f3fa029c1ff9e8f0a8f165d36aee0f8489435545fba9b68162683d63764d812c40d7bc1ab4ded64efad7fafefd

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

912 1972 WerFault.exe a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe

description	pid	process	target process
PID 1972 wrote to memory of 912	1972	a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe	WerFault.exe
PID 1972 wrote to memory of 912	1972	a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe	WerFault.exe
PID 1972 wrote to memory of 912	1972	a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe	WerFault.exe
PID 1972 wrote to memory of 912	1972	a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe	WerFault.exe
PID 1972 wrote to memory of 912	1972	a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe	WerFault.exe
PID 1972 wrote to memory of 912	1972	a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe	WerFault.exe
PID 1972 wrote to memory of 912	1972	a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe
"C:\Users\Admin\AppData\Local\Temp\a96216a59491a4eddf37491eb10a9b215124315305036cb268033c7ffe4e9541.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 268
2⤵
- Program crash
PID:912

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/912-57-0x0000000000000000-mapping.dmp

Download
memory/1972-54-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download
memory/1972-55-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1972-56-0x0000000000BC0000-0x0000000000E22000-memory.dmp

Filesize
2.4MB

Download
memory/1972-58-0x0000000000BC0000-0x0000000000E22000-memory.dmp

Filesize
2.4MB

Download