d5cfe8b4b233b2d938020ff81c02a301fa6f4f7ab2f76178956ac5108508f2ce | Triage

Analysis

max time kernel
27s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 18:30

Sharing

Report Analysis Logs

General

Target

1c56b37b90a0d5exeexeexeex.exe
Size

2.1MB
MD5

1c56b37b90a0d53baf2b3fda382f798d
SHA1

bf8876352798f9a079886cded479c89df7d013be
SHA256

d5cfe8b4b233b2d938020ff81c02a301fa6f4f7ab2f76178956ac5108508f2ce
SHA512

8369f08924f5992680cf340b519f0782a298b46a754bf1016db5e9982d66d47d73be0c65e63bba222697a8d3f09b4f3e9772ced868bc1848f92850ac49f8d612
SSDEEP

49152:oD6j6DiXN9TyBzosmlHP4exvPZtrbh8sh3ANkTTl:l6DiXN9TomPPZtR53AM

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2388	2392	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2388	2392	1c56b37b90a0d5exeexeexeex.exe	28
PID 2392 wrote to memory of 2388	2392	1c56b37b90a0d5exeexeexeex.exe	28
PID 2392 wrote to memory of 2388	2392	1c56b37b90a0d5exeexeexeex.exe	28
PID 2392 wrote to memory of 2388	2392	1c56b37b90a0d5exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\1c56b37b90a0d5exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\1c56b37b90a0d5exeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 116
  2⤵
  - Program crash
  PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads