9716252984bc340bfb4b3347fb6e33e43d9e3578a663c100df017bcbeb8a39aa | Triage

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 12:00

Sharing

Report Analysis Logs

General

Target

260275eda5575dexeexeexeex.exe
Size

204KB
MD5

260275eda5575d18217b8db004209bf4
SHA1

98080119945d20761f69f6c2a5568e9c1979735b
SHA256

9716252984bc340bfb4b3347fb6e33e43d9e3578a663c100df017bcbeb8a39aa
SHA512

a2f8f7fbd56a303cdff960031c71e2aa163807b3b235b2f220af8cca5d6e47e57d40e04ec372e7a472e2518e6c0d0624fb63ae8a6ed9edbfe227865d69bd8bb9
SSDEEP

3072:YTld9PtBQudmx3dtO0cPlDJBFx0uW+xS77lwTWn:YdtBQud1rPpTFx2+xS77CG

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
864	2388	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 864	2388	260275eda5575dexeexeexeex.exe	29
PID 2388 wrote to memory of 864	2388	260275eda5575dexeexeexeex.exe	29
PID 2388 wrote to memory of 864	2388	260275eda5575dexeexeexeex.exe	29
PID 2388 wrote to memory of 864	2388	260275eda5575dexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\260275eda5575dexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\260275eda5575dexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 36
  2⤵
  - Program crash
  PID:864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2388-54-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download