6c179c2b5cda41d940a552f19def20711f7389d3188d7646c45b7963f2049667 | Triage

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-09-2022 10:59

Sharing

Report Analysis Logs

General

Target

file.exe
Size

657KB
MD5

408866829065c70ccb93d6af75b2f04b
SHA1

c2abb3f1434d1f1996dc6569f1d289eda41edcca
SHA256

6c179c2b5cda41d940a552f19def20711f7389d3188d7646c45b7963f2049667
SHA512

724ed56fc9409f77e8c804101f45de8ccf453642b59f124c647dc3ef5936ce2adbb74befdd5d1590cc3b9fe7ef1f9a864128b545ae5746cb822f22c19244af45
SSDEEP

6144:VoxIpwTnoNlR/DU7yhezwmQsrmMxzG8pCoHM3g:VoxIpwTnoDR/DUmhwxQspo8VsQ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
936	1368	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	Process	procid_target
PID 1368 wrote to memory of 936	1368	file.exe	28
PID 1368 wrote to memory of 936	1368	file.exe	28
PID 1368 wrote to memory of 936	1368	file.exe	28
PID 1368 wrote to memory of 936	1368	file.exe	28

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 96
  2⤵
  - Program crash
  PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/936-54-0x0000000000000000-mapping.dmp

Download