62ee006d2f4afb965c7ce1a3bb1b2085b72da57c0a6c79ad0cae12fc41fb2a96 | Triage

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 09:55

Sharing

Report Analysis Logs

General

Target

FR OPTI.exe
Size

861KB
MD5

568cd98420699a0a18c181b7d2614c57
SHA1

d8069b859a1bc0c36b9d72af06e8b5d94fec1b5f
SHA256

62ee006d2f4afb965c7ce1a3bb1b2085b72da57c0a6c79ad0cae12fc41fb2a96
SHA512

24d8872e071c65967e13c1795170c0859e368a4e64ae5ab0debcd80083cc3623977a7b22024003e79b3e13ff4286bb0f734b5f81ce7e34ea2ed455ab40aa215b
SSDEEP

24576:W4TQcPTAcySiDNpfVkqgfPyU8/oa8reuaD:b70nS4pfVkqgy6r3a

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1956 2652 WerFault.exe FR OPTI.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

FR OPTI.exe

description	pid	process	target process
PID 2652 wrote to memory of 1956	2652	FR OPTI.exe	WerFault.exe
PID 2652 wrote to memory of 1956	2652	FR OPTI.exe	WerFault.exe
PID 2652 wrote to memory of 1956	2652	FR OPTI.exe	WerFault.exe
PID 2652 wrote to memory of 1956	2652	FR OPTI.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\FR OPTI.exe
"C:\Users\Admin\AppData\Local\Temp\FR OPTI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 540
2⤵
- Program crash
PID:1956

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2652-0-0x0000000074A9E000-0x0000000074A9F000-memory.dmp

Filesize
4KB

Download
memory/2652-1-0x0000000000E50000-0x0000000000F32000-memory.dmp

Filesize
904KB

Download