cc14997d77769e4ddc065490161149594e2a78929efe99de485ccb6dd13547ae | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-03-2024 11:50

Sharing

Report Analysis Logs

General

Target

WMS13.exe
Size

2.2MB
MD5

cd5316c1a6e8c0e9fff7250354611826
SHA1

68af1641aa39fee7c6545811a7165bb6867592be
SHA256

cc14997d77769e4ddc065490161149594e2a78929efe99de485ccb6dd13547ae
SHA512

3c646fabc1cc06de8914bb8796b7f4c301749663e898875bcf62ce03cd0d7e2adeae72a17c7a258f444642d550cc5bf8ff9e2f3089e55099909f4a50ff2ccce7
SSDEEP

49152:f9tNImgBmHFaTo5HWuufvHCTUBEneikDzkDDDt9:f9TOPTSHWLvynxknkDN9

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2992	2912	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2992	2912	WMS13.exe	28
PID 2912 wrote to memory of 2992	2912	WMS13.exe	28
PID 2912 wrote to memory of 2992	2912	WMS13.exe	28
PID 2912 wrote to memory of 2992	2912	WMS13.exe	28

C:\Users\Admin\AppData\Local\Temp\WMS13.exe
"C:\Users\Admin\AppData\Local\Temp\WMS13.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 540
  2⤵
  - Program crash
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2912-1-0x0000000074DC0000-0x00000000754AE000-memory.dmp

Filesize
6.9MB

Download
memory/2912-0-0x0000000000E70000-0x00000000010B2000-memory.dmp

Filesize
2.3MB

Download
memory/2912-2-0x0000000074DC0000-0x00000000754AE000-memory.dmp

Filesize
6.9MB

Download