85ef181e009bfda81cb00caafb0a7004ff1834c4f137c81723e20915504d7087 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 22:35

Sharing

Report Analysis Logs

General

Target

sample.exe
Size

305.4MB
MD5

8ac77f704640fa1c8feb9172302bf313
SHA1

9d767e665046f05a4d33431804d8fd82e2d11659
SHA256

9fcdb329122b918110be82e8040386798f1a0c28ad1d103bf06e5df6ec820aca
SHA512

286eb2cc9ae459ab3a23f2b154f7c932f406086d8facb439cd4e36ede755df2ca07ac87c67276cefe9bea363d5a583c4fe4ce4ea9827cf598e834812fb7509e2
SSDEEP

24576:HB/2VURbbHgU3pooooooooooooooooooooooooooooooooooooooooooooooooo7:HuU3HFq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

sample.exe

description	pid	process	target process
PID 2232 wrote to memory of 1796	2232	sample.exe	WerFault.exe
PID 2232 wrote to memory of 1796	2232	sample.exe	WerFault.exe
PID 2232 wrote to memory of 1796	2232	sample.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\sample.exe
"C:\Users\Admin\AppData\Local\Temp\sample.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2232 -s 528
2⤵
PID:1796

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2232-0-0x000007FEF5563000-0x000007FEF5564000-memory.dmp

Filesize
4KB

Download
memory/2232-1-0x000000013FB50000-0x0000000140B50000-memory.dmp

Filesize
16.0MB

Download