7786d7b06711a5522743db153f82a0beb002b8e07f7024270e26e9c85165fbf0 | Triage

Analysis

max time kernel
2s
max time network
0s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 22:02

Sharing

Report Analysis Logs

General

Target

ExtraSoft.exe
Size

456KB
MD5

8d01e8e24ed21d1a1b765cb08b124215
SHA1

da49674f06b480e2aa3d6b3a24a9aff5fa135ecf
SHA256

7786d7b06711a5522743db153f82a0beb002b8e07f7024270e26e9c85165fbf0
SHA512

0a53f97148cb3a6af941f904fa5dab3277bb82a9c40ab1c0c2fc9977068e8f07a83217d50d4c994404cb65808db325c88ef67e73df930ff534e1b631f11f776a
SSDEEP

12288:4IRTR9mH1W86Ap16AqsTwhQ0Q6ZvRgipF:jFkdKsIQ36ZeuF

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1908 840 WerFault.exe ExtraSoft.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ExtraSoft.exe

description	pid	process	target process
PID 840 wrote to memory of 1908	840	ExtraSoft.exe	WerFault.exe
PID 840 wrote to memory of 1908	840	ExtraSoft.exe	WerFault.exe
PID 840 wrote to memory of 1908	840	ExtraSoft.exe	WerFault.exe
PID 840 wrote to memory of 1908	840	ExtraSoft.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ExtraSoft.exe
"C:\Users\Admin\AppData\Local\Temp\ExtraSoft.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 120
  2⤵
  - Program crash
  PID:1908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/840-0-0x0000000000960000-0x00000000009D3000-memory.dmp

Filesize
460KB

Download