e71eba9f1a6afd930acf53b8aac467f256735ec0a52011934d9a5da38555ce61 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-11-2022 15:23

Sharing

Report Analysis Logs

General

Target

oos.exe
Size

504KB
MD5

af1e6840f7351cf6ade207de11a9983f
SHA1

dbc4f725029b7243c4297f668a1ad3b9dfdecd4d
SHA256

e71eba9f1a6afd930acf53b8aac467f256735ec0a52011934d9a5da38555ce61
SHA512

b4d4b46a7211f8032f5e8871218445046334024b3dc40b8ac7d0ff056aefe3f46dd0c602e003d3b71024d85a6f5e1004e3b604f8ddb0283e407e352905f7db27
SSDEEP

6144:E/Ya3uK4MW5sl80PF2hV/4puXyjSJ5DwFiyycdFXErWlsAOZZgjXAcjgXy6N:E/YaejslPd2f/4njSJJwLZ5sfZgwrN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1456 1212 WerFault.exe oos.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

oos.exe

description	pid	process	target process
PID 1212 wrote to memory of 1456	1212	oos.exe	WerFault.exe
PID 1212 wrote to memory of 1456	1212	oos.exe	WerFault.exe
PID 1212 wrote to memory of 1456	1212	oos.exe	WerFault.exe
PID 1212 wrote to memory of 1456	1212	oos.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\oos.exe
"C:\Users\Admin\AppData\Local\Temp\oos.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 172
2⤵
- Program crash
PID:1456

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-54-0x0000000075E11000-0x0000000075E13000-memory.dmp

Filesize
8KB

Download
memory/1456-55-0x0000000000000000-mapping.dmp

Download