1b271307f069316d20c23639981ae884b13effe822d8c3dc764fed3513884e48 | Triage

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
06/07/2023, 16:02

Sharing

Report Analysis Logs

General

Target

3a914e66691db5exeexeexeex.exe
Size

256KB
MD5

3a914e66691db5ff9f55c09fd1d03f57
SHA1

63a895bf2704eed3a50300aee373e24953c83326
SHA256

1b271307f069316d20c23639981ae884b13effe822d8c3dc764fed3513884e48
SHA512

ddce2810ca16b64faacc9cad1b2745f35050da7cd18ecf400c8bcda05e08e3cb068d1909efb4e80b4b2d88050efefa943f94735e59c3bbb0bff8cb704b85686a
SSDEEP

6144:yMfBQId1rPpTF5NR30w7NSDyDRothpQ1:yMpZPxFXSDyOtj

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2076	2068	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2076	2068	3a914e66691db5exeexeexeex.exe	28
PID 2068 wrote to memory of 2076	2068	3a914e66691db5exeexeexeex.exe	28
PID 2068 wrote to memory of 2076	2068	3a914e66691db5exeexeexeex.exe	28
PID 2068 wrote to memory of 2076	2068	3a914e66691db5exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\3a914e66691db5exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\3a914e66691db5exeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 36
  2⤵
  - Program crash
  PID:2076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2068-54-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download