132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0 | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 18:39

Sharing

Report Analysis Logs

General

Target

file.exe
Size

1.9MB
MD5

539811c87f4654f1665e9a49c5457066
SHA1

f7b825496b715d84c2e87d8b60ebcf7505b6cd4c
SHA256

132289704de81e5014306f192b09c97c0252ce3fcc72d981779085e7b9a61cd0
SHA512

a654a2554828998ffd91fd60288fcf740813e129b2b375a42eaad049cd5bc7868a755e120a5b195f578eac9adde463f5c5b926e8f89a69122f697bb73e199e4d
SSDEEP

49152:/fZTmjlVqD/zL8EDMGWUt9PZWQKzw65ZkzQuKAW1Db96jIt6:/xy3qD/zL8HUt9Ygq6MukPh

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2504 3036 WerFault.exe file.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	process	target process
PID 3036 wrote to memory of 2504	3036	file.exe	WerFault.exe
PID 3036 wrote to memory of 2504	3036	file.exe	WerFault.exe
PID 3036 wrote to memory of 2504	3036	file.exe	WerFault.exe
PID 3036 wrote to memory of 2504	3036	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 48
  2⤵
  - Program crash
  PID:2504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3036-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/3036-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download