608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b | Triage

Analysis

max time kernel
33s
max time network
44s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
31-07-2022 04:00

Sharing

Report Analysis Logs

General

Target

608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe
Size

180KB
MD5

079eeb586e7e582083387bd6c1342a87
SHA1

37dc6f6df1e3b634cf6d5d7eec52d28550db0732
SHA256

608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b
SHA512

c12a383e3e08d526da6c6dd4e1ccaaf4b842f04c7f3745de08f8e946a44330803472f14ed78a10ed434d55c7da3e4e3ca21582fb701c388b38bdff6477f47e0a

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

972 1952 WerFault.exe 608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe

pid process

1952 608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe

description	pid	process	target process
PID 1952 wrote to memory of 972	1952	608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe	WerFault.exe
PID 1952 wrote to memory of 972	1952	608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe	WerFault.exe
PID 1952 wrote to memory of 972	1952	608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe	WerFault.exe
PID 1952 wrote to memory of 972	1952	608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe
"C:\Users\Admin\AppData\Local\Temp\608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 360
2⤵
- Program crash
PID:972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/972-60-0x0000000000000000-mapping.dmp

Download
memory/1952-56-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download
memory/1952-57-0x0000000003071000-0x0000000003076000-memory.dmp

Filesize
20KB

Download
memory/1952-58-0x00000000003E0000-0x00000000003EA000-memory.dmp

Filesize
40KB

Download
memory/1952-59-0x00000000003E0000-0x00000000003EA000-memory.dmp

Filesize
40KB

Download