db8c0f396eed480e441b4b2e283e34de7873c68cc051a8df5701dddec47a4578 | Triage

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-04-2023 14:53

Sharing

Report Analysis Logs

General

Target

out.exe
Size

1.9MB
MD5

5c2e8ccf6918379e3e2924985fdb4b19
SHA1

6a0d03299b17203a610121a6e59df9c262bb4ecb
SHA256

68f6db3ab7d4068e7e27e9b3627abe37bd5dc0c0bc400bde975790ae27e92ba5
SHA512

b106c8501e2979a350e0f93174225d2a357a126edca503b982ae30b9e99d0983c63cb2ee3900174fa5cb74ec65f11e1526a6052c3e961cd4eceba69f8234d1eb
SSDEEP

24576:ue2+m5hDnfpYn8ULaynEqJDqd2ekz48rjGBc6QbCUgPviVAZdg+tYRZA:ue2rZ2LaKDnek8ZUHVAZdg+0A

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1252	832	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 1252	832	out.exe	28
PID 832 wrote to memory of 1252	832	out.exe	28
PID 832 wrote to memory of 1252	832	out.exe	28
PID 832 wrote to memory of 1252	832	out.exe	28

C:\Users\Admin\AppData\Local\Temp\out.exe
"C:\Users\Admin\AppData\Local\Temp\out.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 36
  2⤵
  - Program crash
  PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads