504638ac74851459833b970b0f9aa5e321ccfd8f939a3a19295214048c1875c3 | Triage

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
06-08-2022 07:31

Sharing

Report Analysis Logs

General

Target

ac42168f7750218d4fd97365da4473dc.exe
Size

6.8MB
MD5

ac42168f7750218d4fd97365da4473dc
SHA1

ce6e29ef4b784f92311faf9468263548e0f15b95
SHA256

504638ac74851459833b970b0f9aa5e321ccfd8f939a3a19295214048c1875c3
SHA512

ea482b35bf1e20dca1142d36a19286498add70fe32b7434085a8b7fb026320f68fac07f3ba4282a1d5576f9f13ca00805fa4d01ac5d796e110ddc4616dd3bb90

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1664 1932 WerFault.exe ac42168f7750218d4fd97365da4473dc.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ac42168f7750218d4fd97365da4473dc.exe

description	pid	process	target process
PID 1932 wrote to memory of 1664	1932	ac42168f7750218d4fd97365da4473dc.exe	WerFault.exe
PID 1932 wrote to memory of 1664	1932	ac42168f7750218d4fd97365da4473dc.exe	WerFault.exe
PID 1932 wrote to memory of 1664	1932	ac42168f7750218d4fd97365da4473dc.exe	WerFault.exe
PID 1932 wrote to memory of 1664	1932	ac42168f7750218d4fd97365da4473dc.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ac42168f7750218d4fd97365da4473dc.exe
"C:\Users\Admin\AppData\Local\Temp\ac42168f7750218d4fd97365da4473dc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 520
  2⤵
  - Program crash
  PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-56-0x0000000000000000-mapping.dmp

Download
memory/1932-54-0x0000000000920000-0x0000000000C04000-memory.dmp

Filesize
2.9MB

Download