e52d9a5daa89aaacdca230a492369a4d6f4fd08fb0a4ca84d9b4205c5d4a0595 | Triage

Analysis

max time kernel
101s
max time network
31s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 14:52

Sharing

Report Analysis Logs

General

Target

338f6769c2266eexeexeexeex.exe
Size

520KB
MD5

338f6769c2266e359527968f03a0a0d9
SHA1

be9dcffd000944059acd97d63447949d013a0123
SHA256

e52d9a5daa89aaacdca230a492369a4d6f4fd08fb0a4ca84d9b4205c5d4a0595
SHA512

0f5221861066e8c8a39553f39c10ab132cabff8e7658120b92ed133ad235fbe090984a35c1a73fb5d2015d5b7ce35c4c598e607cc482bc08454cfdca6f2aedca
SSDEEP

12288:+HlhaVJPu1wg89ZSCtQHYnIl9MGqCPNZ:+HyVk1wMkQHYnIl9jN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2120	2364	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2120	2364	338f6769c2266eexeexeexeex.exe	28
PID 2364 wrote to memory of 2120	2364	338f6769c2266eexeexeexeex.exe	28
PID 2364 wrote to memory of 2120	2364	338f6769c2266eexeexeexeex.exe	28
PID 2364 wrote to memory of 2120	2364	338f6769c2266eexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\338f6769c2266eexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\338f6769c2266eexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 132
  2⤵
  - Program crash
  PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads