879a01350bb6c6ae13a52f9aa3d0b21198188b915567ba9fd6d5e0aeb55d146b | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 15:41

Sharing

Report Analysis Logs

General

Target

1227006289.exe
Size

151.1MB
MD5

0894a7528fb8be8ffc9bf9ef7eaba68b
SHA1

d38dbcf9e7c52656cfd48e73fe70b36c02b03c0b
SHA256

879a01350bb6c6ae13a52f9aa3d0b21198188b915567ba9fd6d5e0aeb55d146b
SHA512

8e87ce3fcb96716c964e44f89d1b036feb04bdb238285b7ec788d2ab8fcc84c4bd366cb327bb4560964c8c6357889dea19c76ce2962a8dfbc9efa6af9f66cf3a
SSDEEP

24576:lIHCA1uqM1oatbwvRpIgPAW88D6zNVBs6L:EuqM1oatUvR/gjBnL

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2156 3016 WerFault.exe 1227006289.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

1227006289.exe

description	pid	process	target process
PID 3016 wrote to memory of 2156	3016	1227006289.exe	WerFault.exe
PID 3016 wrote to memory of 2156	3016	1227006289.exe	WerFault.exe
PID 3016 wrote to memory of 2156	3016	1227006289.exe	WerFault.exe
PID 3016 wrote to memory of 2156	3016	1227006289.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\1227006289.exe
"C:\Users\Admin\AppData\Local\Temp\1227006289.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 52
2⤵
- Program crash
PID:2156

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3016-0-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/3016-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download