adf78868f15f3d05f9dc8146e080d8a5132418b3ec0bcf615841b0dc0a463a90 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-11-2024 17:07

Sharing

Report Analysis Logs

General

Target

activation.exe
Size

13KB
MD5

f92abba25b704e790d93cb75e30d58f2
SHA1

653703511436edb8bd46682e62c8f300828be89d
SHA256

adf78868f15f3d05f9dc8146e080d8a5132418b3ec0bcf615841b0dc0a463a90
SHA512

56f2d95502fcd296c42d8509f7e803814098c1d7965584d1e91d79ed47dd19d3d873031f06ef9200d14a663ba633958cf0633a3b6940c1d0d801a817cf978c07
SSDEEP

384:aFLou1CVtT4YpaT0YmeoZo33hUroJJUSF:8L/QVtTycihUsJJB

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

activation.exe

description	pid	process	target process
PID 2736 wrote to memory of 3012	2736	activation.exe	WerFault.exe
PID 2736 wrote to memory of 3012	2736	activation.exe	WerFault.exe
PID 2736 wrote to memory of 3012	2736	activation.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\activation.exe
"C:\Users\Admin\AppData\Local\Temp\activation.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2736

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2736 -s 520
2⤵
PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2736-0-0x000007FEF6403000-0x000007FEF6404000-memory.dmp

Filesize
4KB

Download
memory/2736-1-0x0000000000F70000-0x0000000000F78000-memory.dmp

Filesize
32KB

Download