6eb4bcd1025074e900c1d7d545f62ae9d92ba787f229b51a628ba941d708dea2 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 15:42

Sharing

Report Analysis Logs

General

Target

file.exe
Size

459KB
MD5

d816aec818e5be0a3b7af1aea4bca1d8
SHA1

39f33d063ce0dfb00ca28f591463b497448ef4a7
SHA256

6eb4bcd1025074e900c1d7d545f62ae9d92ba787f229b51a628ba941d708dea2
SHA512

ffd4d24764a92f63862f0bd2951ae951b6ec8938851de223c89ec3b9a9cb36b6381932b274e4336f6b4a4b23a2e7d1539c65d1cd52f8443b6edf7287f292f842
SSDEEP

12288:CKx2l/UOb3qihVErZBo+MV/73TXJELUve:W/L3qihVEVBzMRDXXm

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1508 2236 WerFault.exe file.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	process	target process
PID 2236 wrote to memory of 1508	2236	file.exe	WerFault.exe
PID 2236 wrote to memory of 1508	2236	file.exe	WerFault.exe
PID 2236 wrote to memory of 1508	2236	file.exe	WerFault.exe
PID 2236 wrote to memory of 1508	2236	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 48
2⤵
- Program crash
PID:1508

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2236-0-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2236-1-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download