fad264acc346be1e63cd47611cd305cb9c894a13843119e22e87744808295387 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 07:11

Sharing

Report Analysis Logs

General

Target

f88272ea7674d3acedd8adcf7643c598.exe
Size

420KB
MD5

f88272ea7674d3acedd8adcf7643c598
SHA1

0066fd44e2cd9293af414f735bd80456f4e3eb1d
SHA256

fad264acc346be1e63cd47611cd305cb9c894a13843119e22e87744808295387
SHA512

3d3435572767b85307271519a5a51668e284cc9aa0d09bf024aaff31a4b4329bb189c627ceda90ba00f02445f0d34f4de642b30b054ecf9d1ac88babeb113963
SSDEEP

12288:Zh0vCnLVT7zishmwaOF9dJl3AnhpzTly:Z8kLVPzMO9dnQnhZT

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

344 348 WerFault.exe f88272ea7674d3acedd8adcf7643c598.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

f88272ea7674d3acedd8adcf7643c598.exe

description	pid	process	target process
PID 348 wrote to memory of 344	348	f88272ea7674d3acedd8adcf7643c598.exe	WerFault.exe
PID 348 wrote to memory of 344	348	f88272ea7674d3acedd8adcf7643c598.exe	WerFault.exe
PID 348 wrote to memory of 344	348	f88272ea7674d3acedd8adcf7643c598.exe	WerFault.exe
PID 348 wrote to memory of 344	348	f88272ea7674d3acedd8adcf7643c598.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\f88272ea7674d3acedd8adcf7643c598.exe
"C:\Users\Admin\AppData\Local\Temp\f88272ea7674d3acedd8adcf7643c598.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 96
2⤵
- Program crash
PID:344

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/348-0-0x0000000000070000-0x0000000000071000-memory.dmp

Filesize
4KB

Download