04fa44f9812f686f46d4f0cfcaa1013e8d2810ae4a7c724755c116ec77919de7 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
19/09/2023, 01:48

Sharing

Report Analysis Logs

General

Target

file.exe
Size

393KB
MD5

0ec9b801114e004fe0d1a53e038ce1b7
SHA1

d724abcde4f868099032a2b07a281bc1990a6c57
SHA256

04fa44f9812f686f46d4f0cfcaa1013e8d2810ae4a7c724755c116ec77919de7
SHA512

480875b644d890b34ad39fd8a5c64fb98db4ded73ed2d5c8c15acda44eeb3b09cedfd5129efbb08dd13ba0dc3562d6631afa3478d9703cfb7580d956a1279af7
SSDEEP

12288:co2LqiG59ougkgdqhx43YTVqK9+DK6/FOZ1Sa:co245HUKYGK0s

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2436	2992	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2436	2992	file.exe	29
PID 2992 wrote to memory of 2436	2992	file.exe	29
PID 2992 wrote to memory of 2436	2992	file.exe	29
PID 2992 wrote to memory of 2436	2992	file.exe	29

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 52
  2⤵
  - Program crash
  PID:2436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads