bce765dc1c317a4a09000a228a3ce7ba93d802fbb5c7934618f847f5c467aae0 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-04-2024 16:02

Sharing

Report Analysis Logs

General

Target

Setup.exe
Size

460KB
MD5

ce9903e5b7a9e6c90024b0a464b41563
SHA1

f6d2a961a83eeff8d37fc8b43530451997a23966
SHA256

bce765dc1c317a4a09000a228a3ce7ba93d802fbb5c7934618f847f5c467aae0
SHA512

3c7aae290acd1701a7035519db4dabc4a26ac36138cfa16947d3ee24cfc30df45fcad1cbd251802c9791a071fafeafe2ed3631f26f1806ca3295ab66a71d49e5
SSDEEP

12288:bxFiAgK2dK2csCm22WFg4wWivbSmZm6p2:LMK2tCOmgJWiWUj2

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1508 2168 WerFault.exe Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Setup.exe

description	pid	process	target process
PID 2168 wrote to memory of 1508	2168	Setup.exe	WerFault.exe
PID 2168 wrote to memory of 1508	2168	Setup.exe	WerFault.exe
PID 2168 wrote to memory of 1508	2168	Setup.exe	WerFault.exe
PID 2168 wrote to memory of 1508	2168	Setup.exe	WerFault.exe
PID 2168 wrote to memory of 1508	2168	Setup.exe	WerFault.exe
PID 2168 wrote to memory of 1508	2168	Setup.exe	WerFault.exe
PID 2168 wrote to memory of 1508	2168	Setup.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 256
  2⤵
  - Program crash
  PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2168-0-0x00000000009A0000-0x0000000000A14000-memory.dmp

Filesize
464KB

Download