8882f1e7f1270bea490427d7cef19baf093878e0aa2c976391431e35664252f2 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
19/07/2023, 15:49

Sharing

Report Analysis Logs

General

Target

f6a538876e4457exe_JC.exe
Size

2.1MB
MD5

f6a538876e4457d9ab87587aca0ffe7a
SHA1

67842be60a443dcad8b3c5d505072ee424f96b25
SHA256

8882f1e7f1270bea490427d7cef19baf093878e0aa2c976391431e35664252f2
SHA512

96a51b369a19adee24ffd3e137de32e4b3f418e68ab66321168fd8243ee804aacf76421c3d3a693b9e48408cdc1357c277826aef3cb4076547b8ee74fe0c292a
SSDEEP

49152:gNxanHuRSt/Nnudvac09ZC6mgk9m1irx2zsh3ANkTTl:pHuRSt/Nnu02Lm1isA3AM

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2296	696	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 696 wrote to memory of 2296	696	f6a538876e4457exe_JC.exe	28
PID 696 wrote to memory of 2296	696	f6a538876e4457exe_JC.exe	28
PID 696 wrote to memory of 2296	696	f6a538876e4457exe_JC.exe	28
PID 696 wrote to memory of 2296	696	f6a538876e4457exe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\f6a538876e4457exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\f6a538876e4457exe_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 116
  2⤵
  - Program crash
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads