21a3b261641329b4b3fbb79d32476bdd05a7a4453848cd0cd41407b90b2948e8 | Triage

Analysis

max time kernel
26s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 13:23

Sharing

Report Analysis Logs

General

Target

URGENT REQUIREMENT.exe
Size

478KB
MD5

9d97e728e9d190e4be44cd0e2b6af94e
SHA1

f14cd79d94d5edf2f9b006689f468baa25e971c4
SHA256

81278e61b365975c3ba6eb47c4734c4831e2488dfd3357cf8d0d018b4a57123f
SHA512

c6765a669724cb5310501d855a87c194f3df9494dee1a71e08519a197d36f6ba698064e136ef290c2e8c2dabe9c65ee0cb42a5d2ae047e8c75c30d40d9a946a1
SSDEEP

12288:mT9ZvF2KWHeaAabCMWh+mgXlwCE9Ra6Mu2C/E:+9ZvF2zAabjJAW6Mu3/

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2044 1756 WerFault.exe URGENT REQUIREMENT.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

URGENT REQUIREMENT.exe

description	pid	process	target process
PID 1756 wrote to memory of 2044	1756	URGENT REQUIREMENT.exe	WerFault.exe
PID 1756 wrote to memory of 2044	1756	URGENT REQUIREMENT.exe	WerFault.exe
PID 1756 wrote to memory of 2044	1756	URGENT REQUIREMENT.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\URGENT REQUIREMENT.exe
"C:\Users\Admin\AppData\Local\Temp\URGENT REQUIREMENT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1756

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1756 -s 512
2⤵
- Program crash
PID:2044

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-54-0x0000000000E10000-0x0000000000E8C000-memory.dmp

Filesize
496KB

Download
memory/2044-55-0x0000000000000000-mapping.dmp

Download