f066b22440bc1fbf1d336c95531d7966ed2c6a0e21db7479d3eb7e61364a32e5 | Triage

Analysis

max time kernel
46s
max time network
49s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
16-07-2022 12:21

Sharing

Report Analysis Logs

General

Target

swift 6748.26.exe
Size

652KB
MD5

2a66e1def724a506b4a456a573b76c55
SHA1

ae8ea73f5754b4ca8a4ccf727e8db152c20e800f
SHA256

f066b22440bc1fbf1d336c95531d7966ed2c6a0e21db7479d3eb7e61364a32e5
SHA512

9d004d721247ec4bc1eecbfbb1e552cac3c37e20ce370e0d2aa18536ff619f8d8b66abfeb079efcf14fcbe781ae6b3138b16335b7a04f064474003d6b948c5cb

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1512	588	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 588 wrote to memory of 1512	588	swift 6748.26.exe	27
PID 588 wrote to memory of 1512	588	swift 6748.26.exe	27
PID 588 wrote to memory of 1512	588	swift 6748.26.exe	27
PID 588 wrote to memory of 1512	588	swift 6748.26.exe	27

C:\Users\Admin\AppData\Local\Temp\swift 6748.26.exe
"C:\Users\Admin\AppData\Local\Temp\swift 6748.26.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 584
  2⤵
  - Program crash
  PID:1512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/588-54-0x0000000000030000-0x00000000000DA000-memory.dmp

Filesize
680KB

Download
memory/588-55-0x0000000000490000-0x0000000000504000-memory.dmp

Filesize
464KB

Download