84dea2fc13ecfa71629838efd4f8e166cf3c68f65d300d790903212bfa104c8f | Triage

Analysis

max time kernel
101s
max time network
79s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08-07-2023 08:59

Sharing

Report Analysis Logs

General

Target

627b4a703e43c2exeexeexeex.exe
Size

520KB
MD5

627b4a703e43c20fd44c1910493773b9
SHA1

8e33e837027c12eb4c1f321d6d3c516e5a6fa1ce
SHA256

84dea2fc13ecfa71629838efd4f8e166cf3c68f65d300d790903212bfa104c8f
SHA512

ec31beb4d3d78b8a43e71149feca068fca5e66b8642be0027006aaadfbc88406292bb249e38ec73dc3838fa938bc884e7b046bc9d6d3275b132fe5a714a186de
SSDEEP

12288:e555mTt9eUlcGFQr6aIovaVgPeksKTvPNZ:e5qT6Ul2BIovaVgPeksKTXN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3052	3004	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3052	3004	627b4a703e43c2exeexeexeex.exe	28
PID 3004 wrote to memory of 3052	3004	627b4a703e43c2exeexeexeex.exe	28
PID 3004 wrote to memory of 3052	3004	627b4a703e43c2exeexeexeex.exe	28
PID 3004 wrote to memory of 3052	3004	627b4a703e43c2exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\627b4a703e43c2exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\627b4a703e43c2exeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 132
  2⤵
  - Program crash
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads