6cfc4dfd10e4a160e8d70e9a8178288daff0ec49e39dd5f45f9ea553b94b4a8f | Triage

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-01-2023 11:34

Sharing

Report Analysis Logs

General

Target

file.exe
Size

693KB
MD5

2bfb1210836df1f8cd8ad0b23a4e751b
SHA1

a9f0b00f0f237557338a7fdad9be320aff5c914b
SHA256

6cfc4dfd10e4a160e8d70e9a8178288daff0ec49e39dd5f45f9ea553b94b4a8f
SHA512

52cb115ec999c2af7a781bd5e42ca8dcb2df9c7660ddf2f8103212bac18f9fbf2610d3593102532dc84b63f790da9f830d5e244ff586277f9b46bbc7522cbc96
SSDEEP

12288:dM7vTkRj+7mrsHXoVjFlXWRFrvUo9qU7wL/K0ifFAdEB3aB/Ksq/Ksd/KsS:di2j+UQ4FFYrvMQS//kUQ3gidi

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1204 856 WerFault.exe file.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

file.exe

description	pid	process	target process
PID 856 wrote to memory of 1204	856	file.exe	WerFault.exe
PID 856 wrote to memory of 1204	856	file.exe	WerFault.exe
PID 856 wrote to memory of 1204	856	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:856

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 856 -s 580
2⤵
- Program crash
PID:1204

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/856-54-0x00000000011F0000-0x000000000129E000-memory.dmp

Filesize
696KB

Download
memory/1204-55-0x0000000000000000-mapping.dmp

Download