af02c7ecb40f8aa0ddb75c5be9fa75e8a292072185f087fd8ffd25f3499d2299 | Triage

Analysis

max time kernel
102s
max time network
35s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 07:46

Sharing

Report Analysis Logs

General

Target

9dd7cff775d246exeexeexeex.exe
Size

520KB
MD5

9dd7cff775d24648904f49811494ec4a
SHA1

eab06da5c79eae0eb79ec7bdbef103b64d62bd9d
SHA256

af02c7ecb40f8aa0ddb75c5be9fa75e8a292072185f087fd8ffd25f3499d2299
SHA512

4e1753ef763fdf421445ff57eb0600e0fd67beff1cd0d3f6e63406ad865acd4725e42832beeb873e15c8cea93e2ac0643e34c7821b564ef7fd5dbac17c4967a4
SSDEEP

12288:2dhh2PNZW9F5n722QomfTQTWU1t67NQitQt8PNZ:2dqPu9FBNQojJtWQitQiN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3024	2320	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 3024	2320	9dd7cff775d246exeexeexeex.exe	29
PID 2320 wrote to memory of 3024	2320	9dd7cff775d246exeexeexeex.exe	29
PID 2320 wrote to memory of 3024	2320	9dd7cff775d246exeexeexeex.exe	29
PID 2320 wrote to memory of 3024	2320	9dd7cff775d246exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\9dd7cff775d246exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\9dd7cff775d246exeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 132
  2⤵
  - Program crash
  PID:3024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads