bb9853a1dec41befda33a548d51c6ab2efa0781bf4dc41b7ab4e7bd7c702f090 | Triage

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 07:27

Sharing

Report Analysis Logs

General

Target

CVE-2023-36874.exe
Size

20KB
MD5

f92582c94d943077158b2d9a26157dab
SHA1

930963340884e22044a35af80e02a4db041f6d5a
SHA256

bb9853a1dec41befda33a548d51c6ab2efa0781bf4dc41b7ab4e7bd7c702f090
SHA512

1fa005333cd9ff5249fd363ab1a4d7cf60065df69f8487ef0f87f0347ebbbd8c34766af9750e239eba19e069ac7fd620bf472f7e15dc786819919f13741b4993
SSDEEP

384:esiHxQEhKYkikXBeCku0A+V8vfX0IvRZXu7sED4lB8J:mqEhZkzBefu0Vy0gXu7sED4lB8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 3052	2792	CVE-2023-36874.exe	29
PID 2792 wrote to memory of 3052	2792	CVE-2023-36874.exe	29
PID 2792 wrote to memory of 3052	2792	CVE-2023-36874.exe	29

C:\Users\Admin\AppData\Local\Temp\CVE-2023-36874.exe
"C:\Users\Admin\AppData\Local\Temp\CVE-2023-36874.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2792 -s 100
  2⤵
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads