bb15fd44589f29f34e347b3023fd24b1f7e83f33021ca171f1f0f5b617680712 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:27

Sharing

Report Analysis Logs

General

Target

7517cd0914954ce19f0b14101eda4d4b.exe
Size

59KB
MD5

7517cd0914954ce19f0b14101eda4d4b
SHA1

d7327f02be0f069a082337ac54389caf7c34fe5f
SHA256

bb15fd44589f29f34e347b3023fd24b1f7e83f33021ca171f1f0f5b617680712
SHA512

32197e6af0f93947edc7dfe12a3da9c4e86f367b787f0aa2cccedeba2dd5e030d947132988a64eb193c536965a11ce3f790a5b1a6b1900db6f983fa565e4b9ae
SSDEEP

1536:q0WNhA0ZFZBtfo/SCRT/OypygbpYZku6Z:q0wfo/SCZmbmpYZiZ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2208 1152 WerFault.exe 7517cd0914954ce19f0b14101eda4d4b.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7517cd0914954ce19f0b14101eda4d4b.exe

description	pid	process	target process
PID 1152 wrote to memory of 2208	1152	7517cd0914954ce19f0b14101eda4d4b.exe	WerFault.exe
PID 1152 wrote to memory of 2208	1152	7517cd0914954ce19f0b14101eda4d4b.exe	WerFault.exe
PID 1152 wrote to memory of 2208	1152	7517cd0914954ce19f0b14101eda4d4b.exe	WerFault.exe
PID 1152 wrote to memory of 2208	1152	7517cd0914954ce19f0b14101eda4d4b.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\7517cd0914954ce19f0b14101eda4d4b.exe
"C:\Users\Admin\AppData\Local\Temp\7517cd0914954ce19f0b14101eda4d4b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 120
2⤵
- Program crash
PID:2208

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1152-0-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download