6c5b811486bfaa6b7e954a272ccfb5f4e6db723d7283ca00740ce9d94a442f33 | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:27

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.HEUR.9272.5523.exe
Size

1.4MB
MD5

ae29a7f31e9acca36f6ef4a548a4275b
SHA1

b349b8d7bca7b4f2a913811c1c8fe9944a9b6165
SHA256

6c5b811486bfaa6b7e954a272ccfb5f4e6db723d7283ca00740ce9d94a442f33
SHA512

14848b3764486b5ea581462f104f49d3c1ee031eff2247f8b4667ace3eba2a9048d32396488b57a06710c88eaaff58aa9f222e6a6b615670f1ba9926c8571ed2
SSDEEP

24576:M8PTNYl/q6kmqeiumHOrUFYN30sSYbWhBR1QvhG3:MAKpRxe837WhBRih

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2108 1100 WerFault.exe SecuriteInfo.com.HEUR.9272.5523.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

SecuriteInfo.com.HEUR.9272.5523.exe

description	pid	process	target process
PID 1100 wrote to memory of 2108	1100	SecuriteInfo.com.HEUR.9272.5523.exe	WerFault.exe
PID 1100 wrote to memory of 2108	1100	SecuriteInfo.com.HEUR.9272.5523.exe	WerFault.exe
PID 1100 wrote to memory of 2108	1100	SecuriteInfo.com.HEUR.9272.5523.exe	WerFault.exe
PID 1100 wrote to memory of 2108	1100	SecuriteInfo.com.HEUR.9272.5523.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.HEUR.9272.5523.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.HEUR.9272.5523.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 36
2⤵
- Program crash
PID:2108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads