415dd13c421a27ed96bf81579b112fbac05862405e9964e24ec8e9d4611d25f3 | Triage

Analysis

max time kernel
29s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
10/06/2023, 08:39

Sharing

Report Analysis Logs

General

Target

04008199.exe
Size

1.2MB
MD5

d5e5853f5a2a5a7413f26c625c0e240b
SHA1

0ced68483e7f3742a963f2507937bb7089de3ffe
SHA256

415dd13c421a27ed96bf81579b112fbac05862405e9964e24ec8e9d4611d25f3
SHA512

49ea9ab92ce5832e702fac6f56a7f7168f60d8271419460ed27970c4a0400e996c2ea097636fc145e355c4df5cfbf200b7bf3c691133f72e4cad228f570b91e4
SSDEEP

12288:QH1eYXlVeneL/AuCeGhqzjheKTnHdQSR9wlPlVlbzl+lwlElPS3PomNX:QVZVeneLYcmiN7Q6Md3dMyuI

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
952	1996	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 952	1996	04008199.exe	27
PID 1996 wrote to memory of 952	1996	04008199.exe	27
PID 1996 wrote to memory of 952	1996	04008199.exe	27
PID 1996 wrote to memory of 952	1996	04008199.exe	27

C:\Users\Admin\AppData\Local\Temp\04008199.exe
"C:\Users\Admin\AppData\Local\Temp\04008199.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 152
  2⤵
  - Program crash
  PID:952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-54-0x0000000000FF0000-0x000000000112B000-memory.dmp

Filesize
1.2MB

Download