d244055ce0cc04f65b94637061dd619cf97abde89fe08f62607aaa5446c0ff1c | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17/07/2023, 18:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a4eee26adfd428_JC.exe
Size

2.1MB
MD5

a4eee26adfd428d8231dc53454821ed3
SHA1

f78269f3698dc9817d8f1bf170241070a6626bd0
SHA256

d244055ce0cc04f65b94637061dd619cf97abde89fe08f62607aaa5446c0ff1c
SHA512

6bc927bfbe01effc9a5dfc3f49615f2b2f2d3d4640847821ea9d3855955ebfad20712a7923750c967fc3020cd187223851a953d7039f95fc1dd5f1ae6ccc5693
SSDEEP

49152:G9yiCJ5rFwnANZGEXeZ+9ux8egOSDAmosh3ANkTTl:1J5rFwnApexgOS9V3AM

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1288	2236	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1288	2236	a4eee26adfd428_JC.exe	28
PID 2236 wrote to memory of 1288	2236	a4eee26adfd428_JC.exe	28
PID 2236 wrote to memory of 1288	2236	a4eee26adfd428_JC.exe	28
PID 2236 wrote to memory of 1288	2236	a4eee26adfd428_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\a4eee26adfd428_JC.exe
"C:\Users\Admin\AppData\Local\Temp\a4eee26adfd428_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 116
  2⤵
  - Program crash
  PID:1288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads