4980f397fa276495555867b7628497c7cba519309051cc1cb9b43c4270103316 | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
10-06-2022 21:45

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

1.8MB
MD5

0ab42dccaffb5ec1d149601908014b50
SHA1

434182962a57e9cc7aa4b242d901a098402b485e
SHA256

4980f397fa276495555867b7628497c7cba519309051cc1cb9b43c4270103316
SHA512

c5501b92dc64cc59e75d8ab52c5b186e86071405dde1784b2af2057e0b7a894607410c648dd1a1f7dfbe9a699ad8e427246afe016e35ee3732e96812c6e11e4c

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1996 976 WerFault.exe tmp.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 976 wrote to memory of 1996	976	tmp.exe	WerFault.exe
PID 976 wrote to memory of 1996	976	tmp.exe	WerFault.exe
PID 976 wrote to memory of 1996	976	tmp.exe	WerFault.exe
PID 976 wrote to memory of 1996	976	tmp.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 584
2⤵
- Program crash
PID:1996

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/976-54-0x0000000000D00000-0x0000000000ECA000-memory.dmp

Filesize
1.8MB

Download
memory/976-55-0x00000000003E0000-0x000000000045C000-memory.dmp

Filesize
496KB

Download
memory/1996-56-0x0000000000000000-mapping.dmp

Download