a01d6e4838b5e446255447a63ced44c71315586f3e746143d7f7327908e75b09 | Triage

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
11/07/2023, 08:06

Sharing

Report Analysis Logs

General

Target

ecf47f28d40e9cexeexeexeex.exe
Size

155KB
MD5

ecf47f28d40e9cba0805e8c1bf721331
SHA1

a7d63d4da690fef3d2f3dbff3b7ac2d0975b76c9
SHA256

a01d6e4838b5e446255447a63ced44c71315586f3e746143d7f7327908e75b09
SHA512

56610473fad6e436fdc9b18059e78772b2f1779b2cbc1bc0a4eaf87d21391ce20a9da032e6bce12566213fafdcc31c2f079a95bcc3329b1a9cc46fb224038d74
SSDEEP

3072:l5K/B0toL6SNJvlZHQsozTS+SMqqDL2/TrKZGG:lcytw/F1yTS+xqqDL6HKZ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2352	2144	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2352	2144	ecf47f28d40e9cexeexeexeex.exe	27
PID 2144 wrote to memory of 2352	2144	ecf47f28d40e9cexeexeexeex.exe	27
PID 2144 wrote to memory of 2352	2144	ecf47f28d40e9cexeexeexeex.exe	27
PID 2144 wrote to memory of 2352	2144	ecf47f28d40e9cexeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\ecf47f28d40e9cexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\ecf47f28d40e9cexeexeexeex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 88
  2⤵
  - Program crash
  PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads