51cba9b4aefefaf72a791e1929f98553f50d643a22179a6aaac9d13f45ea8b43 | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 15:46

Sharing

Report Analysis Logs

General

Target

file.exe
Size

355KB
MD5

22152460b13e4c2473dc3fcdea192933
SHA1

48ce4a69302e860cd905cd02a10aac942f09d9f3
SHA256

51cba9b4aefefaf72a791e1929f98553f50d643a22179a6aaac9d13f45ea8b43
SHA512

1dbcc6f21c9adfc4f28434cffac8c00fb251e3fbf574a69345792837989f74bfc74a67462e7c4f71333a07caf90e0f3e6c51daf0b2640bae3e06af14c8855104
SSDEEP

6144:KnRqyzZ8VqCaMx3CkcY7FGCdGr0gx1POGIAYanWdHBSxz27XrvnksFwemJ:6RqyzZ2IOGCgfPOGI2nWdhSzUbkReG

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2352 2232 WerFault.exe file.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	process	target process
PID 2232 wrote to memory of 2352	2232	file.exe	WerFault.exe
PID 2232 wrote to memory of 2352	2232	file.exe	WerFault.exe
PID 2232 wrote to memory of 2352	2232	file.exe	WerFault.exe
PID 2232 wrote to memory of 2352	2232	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 48
2⤵
- Program crash
PID:2352

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2232-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2232-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download