b10347510cb12fe19b5673f542543054fd352bc438af283db3560be0cb2e8a2d | Triage

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/03/2023, 15:05

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

753KB
MD5

2ff8305b61e27485d5ce6fd583c14397
SHA1

1dd31a165381e4f21119e1771a3fea2aba8d2e3c
SHA256

b10347510cb12fe19b5673f542543054fd352bc438af283db3560be0cb2e8a2d
SHA512

a3c0412f0a54480aeb536f56e83aae04ccd9d47973f1dd233d47c980525aca9acf0d82e7b53f132a83091c5f815252bc6212c8162c1a5938c37993725ace0e77
SSDEEP

12288:5DEpQf2jPCvqSFj33p1Csge0c1ynFtIK9ksWNN99UGXJGRTwNUECx:5oSoK7BJ1Csuwy/It99LJTfC

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1988	2032	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1988	2032	tmp.exe	28
PID 2032 wrote to memory of 1988	2032	tmp.exe	28
PID 2032 wrote to memory of 1988	2032	tmp.exe	28
PID 2032 wrote to memory of 1988	2032	tmp.exe	28

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 648
  2⤵
  - Program crash
  PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-54-0x0000000000D10000-0x0000000000DD2000-memory.dmp

Filesize
776KB

Download
memory/2032-55-0x0000000000610000-0x0000000000650000-memory.dmp

Filesize
256KB

Download
memory/2032-56-0x0000000000610000-0x0000000000650000-memory.dmp

Filesize
256KB

Download