15327559104f6a0eec105b6466e935c535cab6b00c80d1d155ebdf7e63a823ce | Triage

Analysis

max time kernel
37s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 13:22

Sharing

Report Analysis Logs

General

Target

DHLMexico invoice101060.exe
Size

622KB
MD5

ef4d0519efa273313ee2fade85ff7013
SHA1

8f73876e576d927697a31b0f161eaf0597220e90
SHA256

15327559104f6a0eec105b6466e935c535cab6b00c80d1d155ebdf7e63a823ce
SHA512

6be7eb1b2909e0f68447c9b152d286f6208140023ec61e7a07a2f06cbeb28f92aeb7829e01ae368e6147dde89f55d8c9d3adf91a4b0b4218be03f3d47b2678fb

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1616 1884 WerFault.exe DHLMexico invoice101060.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

DHLMexico invoice101060.exe

description	pid	process	target process
PID 1884 wrote to memory of 1616	1884	DHLMexico invoice101060.exe	WerFault.exe
PID 1884 wrote to memory of 1616	1884	DHLMexico invoice101060.exe	WerFault.exe
PID 1884 wrote to memory of 1616	1884	DHLMexico invoice101060.exe	WerFault.exe
PID 1884 wrote to memory of 1616	1884	DHLMexico invoice101060.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\DHLMexico invoice101060.exe
"C:\Users\Admin\AppData\Local\Temp\DHLMexico invoice101060.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 588
  2⤵
  - Program crash
  PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1616-56-0x0000000000000000-mapping.dmp

Download
memory/1884-54-0x0000000000190000-0x0000000000232000-memory.dmp

Filesize
648KB

Download
memory/1884-55-0x00000000005E0000-0x000000000064A000-memory.dmp

Filesize
424KB

Download