67fcab0ea895e69d884bf283088d75a4051062b3c5c028325042fe2d13af52d8 | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 17:56

Sharing

Report Analysis Logs

General

Target

Insomnia.exe
Size

533KB
MD5

03a847ab7c37c2afc5153913ff897be3
SHA1

e9a9b56bb97a039a6063c7b70d398bf2f0038072
SHA256

67fcab0ea895e69d884bf283088d75a4051062b3c5c028325042fe2d13af52d8
SHA512

ee7750ce6c2497eced516b094e61ff05497bbefb83efaa6fb172e9e02ccc475ad9fbf0f04009921b9e0db538d7a511c7884174955c207292aae0ccc72e8a8791
SSDEEP

12288:RxYEZoQZq11WygpAKRcT3hUVwabQIP+P0Xp:RxY0Zq1KRW3hUuan

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1912 1152 WerFault.exe Insomnia.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Insomnia.exe

description	pid	process	target process
PID 1152 wrote to memory of 1912	1152	Insomnia.exe	WerFault.exe
PID 1152 wrote to memory of 1912	1152	Insomnia.exe	WerFault.exe
PID 1152 wrote to memory of 1912	1152	Insomnia.exe	WerFault.exe
PID 1152 wrote to memory of 1912	1152	Insomnia.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Insomnia.exe
"C:\Users\Admin\AppData\Local\Temp\Insomnia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 52
2⤵
- Program crash
PID:1912

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1152-0-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/1152-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download