3c4e99d0feb74839f278b7bdebfb6ab682d7eaa07072439b08d197ae8abd9600 | Triage

Analysis

max time kernel
56s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 15:17

Sharing

Report Analysis Logs

General

Target

YENİ SİPARİŞ-CVEQ530334.exe
Size

448KB
MD5

fbd18c65e9a0c3134b1097081c6dba05
SHA1

d1036152a495eb3eddb97b1aa67ac95033967101
SHA256

3c4e99d0feb74839f278b7bdebfb6ab682d7eaa07072439b08d197ae8abd9600
SHA512

34d7bac0c4f8277717938869ddd3f1dcd6b25ace152c5c7d34734eb766ef9a7f40c59b2a18ff3b61acb80c7e79e20b722257e5122e0121cc4c647fb097b0fce3
SSDEEP

12288:8KgDN3xG0EBB270P1LpGxVcI2WFPeBY0NsaG3:8DDN3zEA0v0PZeQa

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

432 948 WerFault.exe YENİ SİPARİŞ-CVEQ530334.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

YENİ SİPARİŞ-CVEQ530334.exe

description	pid	process	target process
PID 948 wrote to memory of 432	948	YENİ SİPARİŞ-CVEQ530334.exe	WerFault.exe
PID 948 wrote to memory of 432	948	YENİ SİPARİŞ-CVEQ530334.exe	WerFault.exe
PID 948 wrote to memory of 432	948	YENİ SİPARİŞ-CVEQ530334.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\YENİ SİPARİŞ-CVEQ530334.exe
"C:\Users\Admin\AppData\Local\Temp\YENİ SİPARİŞ-CVEQ530334.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 948 -s 516
  2⤵
  - Program crash
  PID:432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/432-55-0x0000000000000000-mapping.dmp

Download
memory/948-54-0x0000000000800000-0x0000000000874000-memory.dmp

Filesize
464KB

Download