ab9a4daee46ae19fe1c2e4b874246275ec129216f3b6bda73e21f5bcebb0300b | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-04-2024 01:36

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

1.2MB
MD5

8cb7db15a004f0aff7a13fe6cc9763b2
SHA1

464b2e63948ae75eb7506844d42440994b07c3b3
SHA256

ab9a4daee46ae19fe1c2e4b874246275ec129216f3b6bda73e21f5bcebb0300b
SHA512

bfe3b40d0c92993484fbd994c8738daec4adf1408608368381fd3cc294247b9f0b44a3bd9e99438121814666fde9114e2c2547da28f97773e848407f3b89ca5e
SSDEEP

24576:bu255/64fZGpA+9176wxT6OxvDI8D92/pzk1lf:v5vZGpA+917/JDp52/pAzf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2852 2832 WerFault.exe tmp.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 2832 wrote to memory of 2852	2832	tmp.exe	WerFault.exe
PID 2832 wrote to memory of 2852	2832	tmp.exe	WerFault.exe
PID 2832 wrote to memory of 2852	2832	tmp.exe	WerFault.exe
PID 2832 wrote to memory of 2852	2832	tmp.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 48
  2⤵
  - Program crash
  PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2832-0-0x0000000000A30000-0x0000000000B5D000-memory.dmp

Filesize
1.2MB

Download