e36863d167b7d73f751b18671802e1cf61c8720ee62b0745316963435c230bc7 | Triage

Analysis

max time kernel
40s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
26-03-2023 10:08

Sharing

Report Analysis Logs

General

Target

8a1aefc.exe
Size

729KB
MD5

ab910af97f58303c92c89331b3573211
SHA1

84bd15105f9a60fdb63831e631a2ae7ea2ad6b12
SHA256

db693a6e2d410779dd0406e72d770fc10e682442658eec302b9254ff1f708727
SHA512

6469793738cb9f7cb8ec5b3529add7cf4e557a66559f9c3d6de3c8d72fa69204fa8f7d9b09c1e8f0fd7f0ccdb6dc243783737ff6f1d29136e5416604d8ea58a6
SSDEEP

12288:D4b4eMrbvbVqjEHsAGM6us7Fg5D+O0UZ0CDzc5IKBtxRvK/sp5:F+GsAxs7iDhF6CXcHI/s

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1188 1716 WerFault.exe 8a1aefc.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

8a1aefc.exe

description	pid	process	target process
PID 1716 wrote to memory of 1188	1716	8a1aefc.exe	WerFault.exe
PID 1716 wrote to memory of 1188	1716	8a1aefc.exe	WerFault.exe
PID 1716 wrote to memory of 1188	1716	8a1aefc.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\8a1aefc.exe
"C:\Users\Admin\AppData\Local\Temp\8a1aefc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1716

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1716 -s 520
2⤵
- Program crash
PID:1188

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1716-54-0x00000000001A0000-0x000000000025A000-memory.dmp

Filesize
744KB

Download