fe607f6745e4797652a520ec64e01f779bee0d15bc1c9b2d89e10a561794dcc5 | Triage

Analysis

max time kernel
102s
max time network
76s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 12:55

Sharing

Report Analysis Logs

General

Target

2b3ab567306d4bexeexeexeex.exe
Size

520KB
MD5

2b3ab567306d4bb6f0c51d2364dabe00
SHA1

23254043fc562a7d2740144fb832a5d5ea1b08aa
SHA256

fe607f6745e4797652a520ec64e01f779bee0d15bc1c9b2d89e10a561794dcc5
SHA512

e33a075838a3975e872f60cfbe56db8c39a0cf6aa1d2067a818d8ded4ae85544db418323ce5dbbc5278bf198a7a043362150bfde66609c9b04f1a450ca056b61
SSDEEP

12288:YIRXOwjGOHWz+/L2ve7EF9b4flnd23tc8hYPNZ:YIgwdHWa/qve7E7b4dnkW1N

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3004	1628	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 3004	1628	2b3ab567306d4bexeexeexeex.exe	28
PID 1628 wrote to memory of 3004	1628	2b3ab567306d4bexeexeexeex.exe	28
PID 1628 wrote to memory of 3004	1628	2b3ab567306d4bexeexeexeex.exe	28
PID 1628 wrote to memory of 3004	1628	2b3ab567306d4bexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\2b3ab567306d4bexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\2b3ab567306d4bexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 132
  2⤵
  - Program crash
  PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads