f722a0e06ec33fbce7aac031cc3417e72d0ad746ca0bfe38fe206080e7986c2d | Triage

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/06/2023, 16:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

WagasService10024.exe
Size

170KB
MD5

4819cdb8e31836044621a15be081df70
SHA1

43477a885cf9989a9d876a1751da2ff6605904dd
SHA256

f722a0e06ec33fbce7aac031cc3417e72d0ad746ca0bfe38fe206080e7986c2d
SHA512

cb999cea9770f4c793c20f9189cff165423a06e6b8e6199fedb2294526d5555c43a324cb4ef8857699cd0baaec6de3f410b9bdd5606c97549b2a160066707fba
SSDEEP

3072:2w/1BIvSwIpUHw2Or3Bzg/yQS18/ku3iK+Ffa:2w/1UuUHzOFzg/yQS18s

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1720	1376	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 1720	1376	WagasService10024.exe	28
PID 1376 wrote to memory of 1720	1376	WagasService10024.exe	28
PID 1376 wrote to memory of 1720	1376	WagasService10024.exe	28
PID 1376 wrote to memory of 1720	1376	WagasService10024.exe	28

C:\Users\Admin\AppData\Local\Temp\WagasService10024.exe
"C:\Users\Admin\AppData\Local\Temp\WagasService10024.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 540
  2⤵
  - Program crash
  PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1376-54-0x00000000011D0000-0x0000000001200000-memory.dmp

Filesize
192KB

Download