bac6488f76da4691540401614bc665dfc5bec8d875cb26e72870c65ac43fe268 | Triage

Analysis

max time kernel
35s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12-02-2023 16:51

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

394KB
MD5

d74c5647d791583241baa5061e0063c9
SHA1

e404c6041dca2f3b767231e38dfca8faecca10ca
SHA256

bac6488f76da4691540401614bc665dfc5bec8d875cb26e72870c65ac43fe268
SHA512

7a60a3dc49c64f35a7d9b8838e45cb687f023778f65feb3c89d2465306bf1bfc300022e0ac1fbc7c2f5f8c69ce6b2bf78cabf2519a0919552d14ea4734ab579e
SSDEEP

12288:rkNkHyWEXeqvQYVby7+OLn2yTp/uzdGDHpc:skDqvQYV+qOL2y9/uzdGL

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1988 1044 WerFault.exe tmp.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 1044 wrote to memory of 1988	1044	tmp.exe	WerFault.exe
PID 1044 wrote to memory of 1988	1044	tmp.exe	WerFault.exe
PID 1044 wrote to memory of 1988	1044	tmp.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1044

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1044 -s 580
2⤵
- Program crash
PID:1988

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-54-0x00000000010E0000-0x0000000001148000-memory.dmp

Filesize
416KB

Download
memory/1988-55-0x0000000000000000-mapping.dmp

Download