e12f10a0af77a8d490d2ab03dd3119aa10d59cdd54ccb2678427687fb882bff2 | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09/03/2023, 17:57

Sharing

Report Analysis Logs

General

Target

EADED0B7B122EDC41D2FC2787328A90F.exe
Size

10KB
MD5

eaded0b7b122edc41d2fc2787328a90f
SHA1

cb0da0af71a4db5199bc38e0b14c9ebb5b8db491
SHA256

e12f10a0af77a8d490d2ab03dd3119aa10d59cdd54ccb2678427687fb882bff2
SHA512

31216f29d19979cd6a184825efb4b9c9eb0807f789310d921d59e2afc95e7587bf3289101c08fabad93d4ff503781b1148ab69f5e2390d991ec016edecec7997
SSDEEP

192:TIbwQHltB8nbPuQygjzqN/+LaTCDLIfaw8wFkGtc:TYbNgjzqN/+L3DLIScbt

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1632	1932	WerFault.exe	24

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1632	1932	EADED0B7B122EDC41D2FC2787328A90F.exe	29
PID 1932 wrote to memory of 1632	1932	EADED0B7B122EDC41D2FC2787328A90F.exe	29
PID 1932 wrote to memory of 1632	1932	EADED0B7B122EDC41D2FC2787328A90F.exe	29

C:\Users\Admin\AppData\Local\Temp\EADED0B7B122EDC41D2FC2787328A90F.exe
"C:\Users\Admin\AppData\Local\Temp\EADED0B7B122EDC41D2FC2787328A90F.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1932 -s 552
  2⤵
  - Program crash
  PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-54-0x000000013F7B0000-0x000000013F7B6000-memory.dmp

Filesize
24KB

Download