Analysis
max time kernel
4s
platform
windows7_x64
resource
win7-20220715-en
resource tags
arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
submitted
04-08-2022 13:31
Static task
static1
Behavioral task
behavioral1
Sample
tmpCF8A.tmp.exe
Resource
win7-20220715-en
windows7-x64
2 signatures
150 seconds
General
Target
tmpCF8A.tmp.exe
Size
52KB
MD5
d8e1495b46cded57eb1423b8bb789834
SHA1
db64bc20550e51c602dbb92d07c8f02842efebcc
SHA256
aa2d97b5be06be67ec04774ad681da6113ee2b4929c0539929bbac19926682c8
SHA512
8b785d7f8d5fdf12dd9a5414050d403e861fd3f9ac09bceebc57b2f178c6f145389783ed1035b5e6f9b627b3d4d978f3ad9bf8195d92e20f585ef92667e4cabb
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid     pid_target   process        target process
1768    1704         WerFault.exe   tmpCF8A.tmp.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
tmpCF8A.tmp.exe
description                           pid     process           target process
PID 1704 wrote to memory of 1768      1704    tmpCF8A.tmp.exe   WerFault.exe
PID 1704 wrote to memory of 1768      1704    tmpCF8A.tmp.exe   WerFault.exe
PID 1704 wrote to memory of 1768      1704    tmpCF8A.tmp.exe   WerFault.exe
PID 1704 wrote to memory of 1768      1704    tmpCF8A.tmp.exe   WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1768-54-0x0000000000000000-mapping.dmp