1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955 | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 15:04

Sharing

Report Analysis Logs

General

Target

file.exe
Size

459KB
MD5

fdc69e7726f37315f2f576a3ca749c48
SHA1

44cb651c3be86b959e4e630e741189ad2c945c44
SHA256

1692db4e522605d93551ddcabeffa92a2cd43e764a134833644808319784b955
SHA512

de974aa0e7cb1393eefacbd90a87f2283af59004de217283b9dbba2c338935aa013ba738065747d2491248ca3d781ee7ede0044082a58da3fa21989e3431dc2f
SSDEEP

12288:REY+q1cYutAScujVzQ/B02L4dj5w2TUTup:W6ScuJzI028dNNUKp

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2476 1368 WerFault.exe file.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	process	target process
PID 1368 wrote to memory of 2476	1368	file.exe	WerFault.exe
PID 1368 wrote to memory of 2476	1368	file.exe	WerFault.exe
PID 1368 wrote to memory of 2476	1368	file.exe	WerFault.exe
PID 1368 wrote to memory of 2476	1368	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 48
2⤵
- Program crash
PID:2476

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1368-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1368-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download