094adb1b607a9542decfd4e1981ed245a698c1e43154ca7ead9754a1508b5def | Triage

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 19:49

Sharing

Report Analysis Logs

General

Target

bfddd887e7280cexeexeexeex.exe
Size

208KB
MD5

bfddd887e7280c9f64e2a134f20bb760
SHA1

3e95e26fcb2418cec4ce353220ace55dffe89991
SHA256

094adb1b607a9542decfd4e1981ed245a698c1e43154ca7ead9754a1508b5def
SHA512

9cf8b6dcc5fc5fd3fe8a84f5274120760ea9bad7a0fb837d0fa23b895afa74ee5cae08c377be5d0fb01b6adff66272185cab2b1ae453514cd8f442538a78bad0
SSDEEP

3072:GHfd9PRBQ5dmx3dtO0cPlDJBF4+xzyOwSQ7SnIz70:GHRBQ5d1rPpTF4+Ar17Sn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
564	1768	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 564	1768	bfddd887e7280cexeexeexeex.exe	28
PID 1768 wrote to memory of 564	1768	bfddd887e7280cexeexeexeex.exe	28
PID 1768 wrote to memory of 564	1768	bfddd887e7280cexeexeexeex.exe	28
PID 1768 wrote to memory of 564	1768	bfddd887e7280cexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\bfddd887e7280cexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\bfddd887e7280cexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 36
  2⤵
  - Program crash
  PID:564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1768-54-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download