34b54e55317003a0a2b8ff85ffa516a441d996a9f78fb074d6006cc40f3bd46f | Triage

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
18-07-2022 15:49

Sharing

Report Analysis Logs

General

Target

Payment_Advice.exe
Size

709KB
MD5

7ca80ef9cefc1bdf4d249e5a1b263672
SHA1

21acb1e653f73e26528839c7fef847d5b6734b0a
SHA256

34b54e55317003a0a2b8ff85ffa516a441d996a9f78fb074d6006cc40f3bd46f
SHA512

8bca4da57b2d34e3b7a0976ca74674429608986b3a82901ef6ecec6d5bc37b3c3753e657b69c021dbdb870ffdf1bc50afd4fc557a2f93cd7d5ce9fe516293f30

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1080 516 WerFault.exe Payment_Advice.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Payment_Advice.exe

description	pid	process	target process
PID 516 wrote to memory of 1080	516	Payment_Advice.exe	WerFault.exe
PID 516 wrote to memory of 1080	516	Payment_Advice.exe	WerFault.exe
PID 516 wrote to memory of 1080	516	Payment_Advice.exe	WerFault.exe
PID 516 wrote to memory of 1080	516	Payment_Advice.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Payment_Advice.exe
"C:\Users\Admin\AppData\Local\Temp\Payment_Advice.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 516 -s 584
2⤵
- Program crash
PID:1080

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/516-54-0x0000000000E00000-0x0000000000EB8000-memory.dmp

Filesize
736KB

Download
memory/516-55-0x0000000000A80000-0x0000000000AFE000-memory.dmp

Filesize
504KB

Download
memory/1080-56-0x0000000000000000-mapping.dmp

Download