b7081efe2a4543d928f6977959c31b8eede94b0c380474e316e05f1dd03ae48f | Triage

Analysis

max time kernel
67s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/10/2022, 17:12

Sharing

Report Analysis Logs

General

Target

new order 00041221.exe
Size

940KB
MD5

ad8cacdcb483b9e65eb6a5aab0d6354f
SHA1

88ea84321dc685f50770e3b094ee7ce24c33ca60
SHA256

b7081efe2a4543d928f6977959c31b8eede94b0c380474e316e05f1dd03ae48f
SHA512

8c842610ae6234b4a5f5d3d48650d233c7d48de5d9eeeff9d85a0e00c58497e2b5c797705afd72769af7a55258dd6713cbfceb66daa36e1168e0c675dd92919d
SSDEEP

12288:6A7qiVRC5nvIMJlme3mfn7VbMP++4DovADqjJ5nXOc17t:kioI2lmsmfn5YW+JXjrXOcxt

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
860	1912	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 860	1912	new order 00041221.exe	28
PID 1912 wrote to memory of 860	1912	new order 00041221.exe	28
PID 1912 wrote to memory of 860	1912	new order 00041221.exe	28
PID 1912 wrote to memory of 860	1912	new order 00041221.exe	28

C:\Users\Admin\AppData\Local\Temp\new order 00041221.exe
"C:\Users\Admin\AppData\Local\Temp\new order 00041221.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 680
  2⤵
  - Program crash
  PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1912-54-0x0000000000B60000-0x0000000000C52000-memory.dmp

Filesize
968KB

Download
memory/1912-55-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/1912-56-0x0000000000950000-0x0000000000970000-memory.dmp

Filesize
128KB

Download