cf47a943ec0eb86c16a8d7e6e0ad8c4bfb6063af089e1b3809ed44ac45347e71 | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02-07-2024 10:23

Sharing

Report Analysis Logs

General

Target

file.exe
Size

935KB
MD5

75a2d212a591a83a4d0c88a92b390b88
SHA1

8f69b79a0d6bc6b4def35b38ec46d15e6eb1c1d9
SHA256

cf47a943ec0eb86c16a8d7e6e0ad8c4bfb6063af089e1b3809ed44ac45347e71
SHA512

e7242ef4042f96743a6f999bee1a5ee93a88a6aa83385a28d2b868bd2c2f6734c0bc9192059e5a7862cff747a4dee8a16e9ac10cb659cbd2f05a4a040dd05a47
SSDEEP

24576:j+qodQCtw8QEZWBiMUp736I5Zqi7P2XZtXtW/Di:iw8QEZWBTXSZqiz2XvXQm

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3008 624 WerFault.exe file.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	process	target process
PID 624 wrote to memory of 3008	624	file.exe	WerFault.exe
PID 624 wrote to memory of 3008	624	file.exe	WerFault.exe
PID 624 wrote to memory of 3008	624	file.exe	WerFault.exe
PID 624 wrote to memory of 3008	624	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 96
2⤵
- Program crash
PID:3008

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/624-0-0x0000000000070000-0x0000000000071000-memory.dmp

Filesize
4KB

Download