dfd88d1b834dac64cb82037099eff4e0d062011c712b7d413041a801ba0ac0ae | Triage

Analysis

max time kernel
185s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 13:14

Sharing

Report Analysis Logs

General

Target

file.exe
Size

1.6MB
MD5

99a680e7d710652344ed23a9fe40e832
SHA1

0a60ed32ba9c50d437d66bca85f48c05798c0d40
SHA256

dfd88d1b834dac64cb82037099eff4e0d062011c712b7d413041a801ba0ac0ae
SHA512

6080cd8ae8df3bfb958c390ad018916885b4bb7fee6233d717907fe6abcd5a6a0434da872497277bcc71edbfe44970cc8a28f0cabed26cde1bb0c4fb06b40bab
SSDEEP

24576:xefSX7ktn93nXwm9pn0vONAbkqkQyHNbRfdJuOfA45TLqJqJFBURqUH:c6r4ZnWPQqkQIdw0ASJF+qUH

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5076	1444	WerFault.exe	79
2244	1444	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 5076	1444	file.exe	82
PID 1444 wrote to memory of 5076	1444	file.exe	82
PID 1444 wrote to memory of 5076	1444	file.exe	82

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 376
  2⤵
  - Program crash
  PID:5076
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 376
  2⤵
  - Program crash
  PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 1444 -ip 1444
1⤵
PID:4820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads