6cc5f37e740be286e245e1fa0214fdc960c5e1a2cad66ec11281ff42a0630774 | Triage

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09-07-2023 16:48

Sharing

Report Analysis Logs

General

Target

b7e6c15b5c9daeexeexeexeex.exe
Size

155KB
MD5

b7e6c15b5c9dae9128141e03ee395edd
SHA1

eddef6acbc89bd29c22d1130f215560f315b5ec3
SHA256

6cc5f37e740be286e245e1fa0214fdc960c5e1a2cad66ec11281ff42a0630774
SHA512

01876ab9fd365cc72365f6534b43a08bf5d689f51c7c769e23ab915469fa8fbae6892b242d8fd7de1e96bb1bb724d80262d7735c13db940eec824345d312f0aa
SSDEEP

3072:l5K/B0toLQSNJMlZHQsozTS+SMqqDL2/TrKvtG:lcytwtg1yTS+xqqDL6HKI

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3060	2052	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 3060	2052	b7e6c15b5c9daeexeexeexeex.exe	28
PID 2052 wrote to memory of 3060	2052	b7e6c15b5c9daeexeexeexeex.exe	28
PID 2052 wrote to memory of 3060	2052	b7e6c15b5c9daeexeexeexeex.exe	28
PID 2052 wrote to memory of 3060	2052	b7e6c15b5c9daeexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\b7e6c15b5c9daeexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\b7e6c15b5c9daeexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 88
  2⤵
  - Program crash
  PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads