4905ecda46a5a03e0d6c5a8144ec47063109fc2eb5fbb5e06722080e63eb7394 | Triage

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 01:27

Sharing

Report Analysis Logs

General

Target

Chron.exe
Size

490KB
MD5

f87135178fe6abd26406c9a9d026894a
SHA1

dfcea258c1e56097601f7a5e7fb4e4f9a6aec3eb
SHA256

4905ecda46a5a03e0d6c5a8144ec47063109fc2eb5fbb5e06722080e63eb7394
SHA512

885ec3c0a56ec5247579f85ae83d909c43264c4466dfeab24bb7d2d388f1a3f2abce0136303726384c2c91b2a398d84e8ec09c21ef81c70e74157d21f9c7b251
SSDEEP

6144:FLXU3QBk29LvIY28arOtXNt25Qd9lxtPoCFbfgKrcwny2BHaxK7:5U3yu9WQQT9oCFKwn7B6i

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1288 620 WerFault.exe Chron.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Chron.exe

description	pid	process	target process
PID 620 wrote to memory of 1288	620	Chron.exe	WerFault.exe
PID 620 wrote to memory of 1288	620	Chron.exe	WerFault.exe
PID 620 wrote to memory of 1288	620	Chron.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Chron.exe
"C:\Users\Admin\AppData\Local\Temp\Chron.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 620 -s 540
  2⤵
  - Program crash
  PID:1288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/620-54-0x0000000000C90000-0x0000000000D10000-memory.dmp

Filesize
512KB

Download
memory/1288-55-0x0000000000000000-mapping.dmp

Download