8059343dd1bd2043009e81a54115ea921ebe7467c35ac05c43e6acd013eec085 | Triage

Analysis

max time kernel
32s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21/05/2023, 01:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

2.3MB
MD5

bdbc48b665a422c5845109cc594536a6
SHA1

a3e7b4c35d31f0479af9be082b85910cf1e68fa6
SHA256

8059343dd1bd2043009e81a54115ea921ebe7467c35ac05c43e6acd013eec085
SHA512

39c22e0a4864f3665d692343799160413ee6ed51e6e6a62c0c7da1cf7de46c5b057fce9826d69bb6044b9171700de75cc639be0da1e75a824a2c0ccc1735657f
SSDEEP

49152:d53xYNqUy45WgWBJNf8UVYfVRgQyPbuQ7ROwYkP8iEhy5PntI/:d1uNjWfTNfNEa5TzRH8kxnt0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2028	1660	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2028	1660	file.exe	27
PID 1660 wrote to memory of 2028	1660	file.exe	27
PID 1660 wrote to memory of 2028	1660	file.exe	27
PID 1660 wrote to memory of 2028	1660	file.exe	27

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 568
  2⤵
  - Program crash
  PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1660-54-0x00000000003E0000-0x0000000000632000-memory.dmp

Filesize
2.3MB

Download