ac46b90f8d9ca2ae2a08ab608bd6cd3353d88684a188e4dc725f232a62d50017 | Triage

Analysis

max time kernel
31s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
07-07-2022 16:44

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Variant.Tedy.114694.19007.exe
Size

681KB
MD5

2cba74e140ba210f336ed6c82b623421
SHA1

9dfff2f3820e38134b73d14183f75839e16e0db7
SHA256

ac46b90f8d9ca2ae2a08ab608bd6cd3353d88684a188e4dc725f232a62d50017
SHA512

9ede1432bedb79d33510f2c153f8085835e389acef2b8284f91433092d1852e4fc54e86b332f159b20706dcdbb2dfeb4db0725880a4eef583722bdf0ae3d2f45

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1704 1908 WerFault.exe SecuriteInfo.com.Variant.Tedy.114694.19007.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

SecuriteInfo.com.Variant.Tedy.114694.19007.exe

description	pid	process	target process
PID 1908 wrote to memory of 1704	1908	SecuriteInfo.com.Variant.Tedy.114694.19007.exe	WerFault.exe
PID 1908 wrote to memory of 1704	1908	SecuriteInfo.com.Variant.Tedy.114694.19007.exe	WerFault.exe
PID 1908 wrote to memory of 1704	1908	SecuriteInfo.com.Variant.Tedy.114694.19007.exe	WerFault.exe
PID 1908 wrote to memory of 1704	1908	SecuriteInfo.com.Variant.Tedy.114694.19007.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Tedy.114694.19007.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Tedy.114694.19007.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 596
  2⤵
  - Program crash
  PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1704-56-0x0000000000000000-mapping.dmp

Download
memory/1908-54-0x0000000001040000-0x00000000010F0000-memory.dmp

Filesize
704KB

Download
memory/1908-55-0x0000000000C00000-0x0000000000C68000-memory.dmp

Filesize
416KB

Download