a5f6c3582d8e4c4bf08ecb4389a26a0724acfbe88cb1dc55c7e6eda8fb8fde8b | Triage

Analysis

max time kernel
835s
max time network
836s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 02:00

Sharing

Report Analysis Logs

General

Target

installer.exe
Size

2.0MB
MD5

db9387b8b5328adf2898eba2851e21c7
SHA1

6100a5dffa1f4d05c6ce029e1148e0f1e2649da1
SHA256

a5f6c3582d8e4c4bf08ecb4389a26a0724acfbe88cb1dc55c7e6eda8fb8fde8b
SHA512

ce1c97177cf16336a9f46d768360abd79a2726b80786422d62c02e2044cac590a33ef90d48bb91db19dbcdef4f4e3eb1e874078926f865317103ed12c93cefb4
SSDEEP

24576:f3Romk0GRu5XJH2ORDEhkcaHQinDq76L8j4oBYJSqppoTcXuJh:f3RZvGWJ+CminQkZGoXI

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

installer.exe

description	pid	process	target process
PID 2176 wrote to memory of 2208	2176	installer.exe	WerFault.exe
PID 2176 wrote to memory of 2208	2176	installer.exe	WerFault.exe
PID 2176 wrote to memory of 2208	2176	installer.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2176 -s 528
  2⤵
  PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2176-0-0x000007FEF5A23000-0x000007FEF5A24000-memory.dmp

Filesize
4KB

Download
memory/2176-1-0x0000000000A30000-0x0000000001A30000-memory.dmp

Filesize
16.0MB

Download