af3979995f34103a34dc038da78b657b40d769c7b8e4a262ec3d1a932dcb2798 | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-08-2022 16:55

Sharing

Report Analysis Logs

General

Target

tmpovy3vx4v.exe
Size

14.6MB
MD5

db1c586725e15af1e4a6548075864519
SHA1

6f246168c275972b1939b1f20606c95bad611a71
SHA256

af3979995f34103a34dc038da78b657b40d769c7b8e4a262ec3d1a932dcb2798
SHA512

7b22bdab3a3e4cd18a6554810e32b8e4aa6b45d7f8fbdcfbe687b271ac82968d0d6ec32a1ab46de9d402e91f67bf44dc908a0427917f6325023158a80818ff0d

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1964	2012	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1964	2012	tmpovy3vx4v.exe	28
PID 2012 wrote to memory of 1964	2012	tmpovy3vx4v.exe	28
PID 2012 wrote to memory of 1964	2012	tmpovy3vx4v.exe	28
PID 2012 wrote to memory of 1964	2012	tmpovy3vx4v.exe	28

C:\Users\Admin\AppData\Local\Temp\tmpovy3vx4v.exe
"C:\Users\Admin\AppData\Local\Temp\tmpovy3vx4v.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 224
  2⤵
  - Program crash
  PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download