2fa42459e3f9fcc0d84bbfbef1ac65b8f2c2c16d2b7b3d7f3a30d5c9b93d6e35 | Triage

Resubmissions

16/07/2023, 23:25

230716-3epvrahb54 6

16/07/2023, 23:19

230716-3a3k2shh7v 6

Analysis

max time kernel
15s
max time network
18s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/07/2023, 23:25

Sharing

Report Analysis Logs

General

Target

ServerCrasher.exe
Size

78KB
MD5

5cf22ad7c4d3ab44ba72fd6642aa643a
SHA1

31601a86aadbc370be0b3fa92f583b56ec20381d
SHA256

2fa42459e3f9fcc0d84bbfbef1ac65b8f2c2c16d2b7b3d7f3a30d5c9b93d6e35
SHA512

2c38548b000b119a104e97dfdc478e24596f96b5a57e8295b7eff2a3bffda5ef6db48b0f95692f339b4e722b27f6dfb62c8ad71ea36d8f4a1e57509a611282e7
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+7PIC:5Zv5PDwbjNrmAE+zIC

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1692	2272	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 1692	2272	ServerCrasher.exe	28
PID 2272 wrote to memory of 1692	2272	ServerCrasher.exe	28
PID 2272 wrote to memory of 1692	2272	ServerCrasher.exe	28

C:\Users\Admin\AppData\Local\Temp\ServerCrasher.exe
"C:\Users\Admin\AppData\Local\Temp\ServerCrasher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2272 -s 596
  2⤵
  - Program crash
  PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2272-53-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

Filesize
9.9MB

Download
memory/2272-54-0x000000013FF60000-0x000000013FF78000-memory.dmp

Filesize
96KB

Download
memory/2272-55-0x000000001B960000-0x000000001B9E0000-memory.dmp

Filesize
512KB

Download
memory/2272-56-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

Filesize
9.9MB

Download