b5d77fed0a18df78fb01988a49557da3435891077b905ca08b474032fc7526ff | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:38

Sharing

Report Analysis Logs

General

Target

74fc8a39716bcbfb33f532140c931981.exe
Size

125KB
MD5

74fc8a39716bcbfb33f532140c931981
SHA1

0118629ecd06eb6215c73157c1896aa2d537036b
SHA256

b5d77fed0a18df78fb01988a49557da3435891077b905ca08b474032fc7526ff
SHA512

fb0559bc3dea6389c9560a4a652d8c9305d38ea3e98218e9d0713a060a16102d5bbaff6b05ffa7d7e6d4d856d17999ceff55199a9e0e7bc1e75b720ad826ac39
SSDEEP

3072:3PVOehnHR+o3Ftx/9j+GaiQfSCiRUcianQ1uBRnL:bVHR+oVtBBEfuiaQEf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2684 2668 WerFault.exe 74fc8a39716bcbfb33f532140c931981.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

74fc8a39716bcbfb33f532140c931981.exe

description	pid	process	target process
PID 2668 wrote to memory of 2684	2668	74fc8a39716bcbfb33f532140c931981.exe	WerFault.exe
PID 2668 wrote to memory of 2684	2668	74fc8a39716bcbfb33f532140c931981.exe	WerFault.exe
PID 2668 wrote to memory of 2684	2668	74fc8a39716bcbfb33f532140c931981.exe	WerFault.exe
PID 2668 wrote to memory of 2684	2668	74fc8a39716bcbfb33f532140c931981.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\74fc8a39716bcbfb33f532140c931981.exe
"C:\Users\Admin\AppData\Local\Temp\74fc8a39716bcbfb33f532140c931981.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 36
2⤵
- Program crash
PID:2684

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2668-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2668-1-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download