849d5700c0c0ea4b6f3f81f4aa62a549f08a9af4a2d6c2ee4ec26ade6dc82077 | Triage

Analysis

max time kernel
844s
max time network
848s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21-08-2023 22:40

Sharing

Report Analysis Logs

General

Target

installer-package.exe
Size

302.3MB
MD5

5846dc26ee52c800031bbb1939c771c2
SHA1

cbdd0a97644525e705a2d18005738a92a4f48b6d
SHA256

a0114420ff98f4f09df676527add4ccaaf4326b4bd0c87b153d1ea71adf50022
SHA512

e84048e02239ad8c78ea3d57cbc705d283c630514dc9cbc316d7edba54a7e5b33c95b8ed40d6fe23d74e4d19308f078e39955465df7a2e2d7cd71fd73d0f662f
SSDEEP

49152:ihduY5Y45wfJqs4W+f3jJa3ppppppppppppppppppppppppppppppppppppppppV:iy

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1164 2228 WerFault.exe installer-package.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

installer-package.exe

description	pid	process	target process
PID 2228 wrote to memory of 1164	2228	installer-package.exe	WerFault.exe
PID 2228 wrote to memory of 1164	2228	installer-package.exe	WerFault.exe
PID 2228 wrote to memory of 1164	2228	installer-package.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\installer-package.exe
"C:\Users\Admin\AppData\Local\Temp\installer-package.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2228 -s 532
2⤵
- Program crash
PID:1164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2228-54-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp

Filesize
9.9MB

Download
memory/2228-55-0x000000013F270000-0x0000000140270000-memory.dmp

Filesize
16.0MB

Download
memory/2228-56-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp

Filesize
9.9MB

Download