671f7ea2165cdf255626ecb92d17f686aba46ff59955530c6f105d381a2d9cf0 | Triage

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 08:25

Sharing

Report Analysis Logs

General

Target

394c298999c0ace20493a99dbfcaf561.exe
Size

3.3MB
MD5

394c298999c0ace20493a99dbfcaf561
SHA1

7424aadf6b65c89184dce63e584c1f4efa57eb70
SHA256

671f7ea2165cdf255626ecb92d17f686aba46ff59955530c6f105d381a2d9cf0
SHA512

195ceb6d4cb1b9b9bcd31cffcab68aa0d241feaa9062749c90a52eed3d1dd1106664ee86020f5ee219172eda8a4c7160789a457a52e802be25ff28b50096635c

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1656 1092 WerFault.exe 394c298999c0ace20493a99dbfcaf561.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

394c298999c0ace20493a99dbfcaf561.exe

description	pid	process	target process
PID 1092 wrote to memory of 1656	1092	394c298999c0ace20493a99dbfcaf561.exe	WerFault.exe
PID 1092 wrote to memory of 1656	1092	394c298999c0ace20493a99dbfcaf561.exe	WerFault.exe
PID 1092 wrote to memory of 1656	1092	394c298999c0ace20493a99dbfcaf561.exe	WerFault.exe
PID 1092 wrote to memory of 1656	1092	394c298999c0ace20493a99dbfcaf561.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\394c298999c0ace20493a99dbfcaf561.exe
"C:\Users\Admin\AppData\Local\Temp\394c298999c0ace20493a99dbfcaf561.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 88
2⤵
- Program crash
PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-54-0x0000000000000000-mapping.dmp

Download