a46a610b7baf4b5836db48a684990048c9cc6c02ee94d911f87c3cf60ad28830 | Triage

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05-07-2023 20:24

Sharing

Report Analysis Logs

General

Target

2079ec12c8425fexeexeexeex.exe
Size

2.1MB
MD5

2079ec12c8425f069782a1a876f533f2
SHA1

4a105f0cdebb129aac581ca5d5646df1da381b6c
SHA256

a46a610b7baf4b5836db48a684990048c9cc6c02ee94d911f87c3cf60ad28830
SHA512

443d49f41bac03e49e864ffe84e6282980c9bb1649e0d0841d567440b2e3ce98e4eb09ed634c2ef069968bd2cb301a4be558a3a211d953d74bb02abae8a8de2d
SSDEEP

49152:wAWCcbZ5t23arJksZyYgdWrq4ecA3ikMsh3ANkTTl:ubZ5t23aryQecAFp3AM

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2324	2364	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2324	2364	2079ec12c8425fexeexeexeex.exe	29
PID 2364 wrote to memory of 2324	2364	2079ec12c8425fexeexeexeex.exe	29
PID 2364 wrote to memory of 2324	2364	2079ec12c8425fexeexeexeex.exe	29
PID 2364 wrote to memory of 2324	2364	2079ec12c8425fexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\2079ec12c8425fexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\2079ec12c8425fexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 116
  2⤵
  - Program crash
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads