e8d1a8908e063d4b824cde1d0d0bdf812ace1e50000a4accddb8b306664b4062 | Triage

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 02:42

Sharing

Report Analysis Logs

General

Target

2545131b7880bd854f3c9148277af024.exe
Size

292KB
MD5

2545131b7880bd854f3c9148277af024
SHA1

846cf8458ca76e9cc8092218006c0e5bb1a68e8c
SHA256

e8d1a8908e063d4b824cde1d0d0bdf812ace1e50000a4accddb8b306664b4062
SHA512

c7a31f69621e60c1950f48c92c1633f2bee2f36adc8b5a2627d21dacda15f70d16f50b1a2dd3e575c7453380ca3c828cda8f86dda285e174af9f9944c42aa787
SSDEEP

3072:JOC+EnCeqk1oPh1MZf8EQ1DyWgi/ysf0e:EYN9oJ1MZ0JGW5rf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1376 2016 WerFault.exe 2545131b7880bd854f3c9148277af024.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2545131b7880bd854f3c9148277af024.exe

description	pid	process	target process
PID 2016 wrote to memory of 1376	2016	2545131b7880bd854f3c9148277af024.exe	WerFault.exe
PID 2016 wrote to memory of 1376	2016	2545131b7880bd854f3c9148277af024.exe	WerFault.exe
PID 2016 wrote to memory of 1376	2016	2545131b7880bd854f3c9148277af024.exe	WerFault.exe
PID 2016 wrote to memory of 1376	2016	2545131b7880bd854f3c9148277af024.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2545131b7880bd854f3c9148277af024.exe
"C:\Users\Admin\AppData\Local\Temp\2545131b7880bd854f3c9148277af024.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 96
2⤵
- Program crash
PID:1376

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1376-54-0x0000000000000000-mapping.dmp

Download