ae4532e72a1a0f33d8bd7f542804c4c1432d20d9a25167cd7b8a7843a1c8f496 | Triage

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09-07-2023 09:07

Sharing

Report Analysis Logs

General

Target

a69fd49dbea143exeexeexeex.exe
Size

178KB
MD5

a69fd49dbea14373d0ab56390f7e0e02
SHA1

abc1d379dcccb8eaee2b4b709dac08b4a7cf757a
SHA256

ae4532e72a1a0f33d8bd7f542804c4c1432d20d9a25167cd7b8a7843a1c8f496
SHA512

1afac82e4e026240d31ae481ff6f8747453f8a7e2e453bb23b38391df780b2dca286756282a5f69533e05f09a5cf145db43115171dd3d359a6583f32117b4d3e
SSDEEP

3072:f4S1mYAta+UZulyrZsxOa/dEoUXKoItpOIrupE:f7Ata+UZ+yrZdoEKoItpH6

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1512	2320	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1512	2320	a69fd49dbea143exeexeexeex.exe	29
PID 2320 wrote to memory of 1512	2320	a69fd49dbea143exeexeexeex.exe	29
PID 2320 wrote to memory of 1512	2320	a69fd49dbea143exeexeexeex.exe	29
PID 2320 wrote to memory of 1512	2320	a69fd49dbea143exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\a69fd49dbea143exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\a69fd49dbea143exeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 36
  2⤵
  - Program crash
  PID:1512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2320-54-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download