360896b9cf3160c2299575891f559b6d3ce007d7fa442061d291dd65891f6bf9 | Triage

Analysis

max time kernel
121s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/02/2023, 17:35

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

1.0MB
MD5

73d3db61836f4fd75aaa6a91c01ac591
SHA1

9fd779727cbaa038d690d133daf69ff2dbe6e609
SHA256

360896b9cf3160c2299575891f559b6d3ce007d7fa442061d291dd65891f6bf9
SHA512

af4b1ab31751aaba657b543dd0c5958b6c1663eb790bdf11ee6e258d1edda79750f6368e60dd46d943c8d0a1582102d2ee30857a259659290395d282077c5621
SSDEEP

24576:iadTl2nMSGmA0z9NXT9t0S1hRFK6kGJhrN6+d:iQl2K5ED9t0S3RY1GLrJ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1308	1800	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 1308	1800	tmp.exe	28
PID 1800 wrote to memory of 1308	1800	tmp.exe	28
PID 1800 wrote to memory of 1308	1800	tmp.exe	28
PID 1800 wrote to memory of 1308	1800	tmp.exe	28

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 172
  2⤵
  - Program crash
  PID:1308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1800-54-0x0000000000A20000-0x0000000000B56000-memory.dmp

Filesize
1.2MB

Download
memory/1800-55-0x0000000001F60000-0x00000000020EB000-memory.dmp

Filesize
1.5MB

Download
memory/1800-56-0x00000000000A0000-0x00000000000A4000-memory.dmp

Filesize
16KB

Download