b9f6f3b9202df46f9e2b996e4c47cd77ea107932712c50d300f3d0ddefa75686 | Triage

Analysis

max time kernel
77s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 08:02

Sharing

Report Analysis Logs

General

Target

SHIPPING DOC.exe
Size

478KB
MD5

2a2c37b0186b83c12b975807546da3fb
SHA1

a0eef6a6122dab1d2c0e24c2d39edf0eb9999b05
SHA256

b9f6f3b9202df46f9e2b996e4c47cd77ea107932712c50d300f3d0ddefa75686
SHA512

d3fc6a7422abc8473a7b637034d3bd873008d15de83866043180047e2fda764083cb747a279e44ecca37867442e07ac853c8d1b2466c6497290eee751951361b
SSDEEP

12288:qwpYDXo4z1SRFedmp4JgoIkfoqbalNgp:qww4U1SRFr4ao9Aqbaly

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1472 1180 WerFault.exe SHIPPING DOC.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SHIPPING DOC.exe

description	pid	process	target process
PID 1180 wrote to memory of 1472	1180	SHIPPING DOC.exe	WerFault.exe
PID 1180 wrote to memory of 1472	1180	SHIPPING DOC.exe	WerFault.exe
PID 1180 wrote to memory of 1472	1180	SHIPPING DOC.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\SHIPPING DOC.exe
"C:\Users\Admin\AppData\Local\Temp\SHIPPING DOC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1180

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1180 -s 512
2⤵
- Program crash
PID:1472

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1180-54-0x00000000001C0000-0x000000000023C000-memory.dmp

Filesize
496KB

Download
memory/1472-55-0x0000000000000000-mapping.dmp

Download