22bb8c0da231f8c6537ee00489f65f171d010f6604c8693fda50f0b76f615040 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06/10/2023, 01:58

Sharing

Report Analysis Logs

General

Target

97e789b577ff5227bc696ca2d0e0af07.exe
Size

1.7MB
MD5

97e789b577ff5227bc696ca2d0e0af07
SHA1

371971c7cbc8eae29e38baf059d331ee8d344f2b
SHA256

22bb8c0da231f8c6537ee00489f65f171d010f6604c8693fda50f0b76f615040
SHA512

5eceaba65300df7528204b50bf67a1269c7df678ab05d16c3b3185828baea517e9bc7c9d273af3567ce93a6c0a9a0b51ed875aba7550b6997abc5bc3dc603f03
SSDEEP

49152:GWATGrgBWBKH8jkDVFCNXODzWS9HfX0Ha+qR21rD:g+KH4kpc+DX/0Ha+qRkH

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1976	2240	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 1976	2240	97e789b577ff5227bc696ca2d0e0af07.exe	28
PID 2240 wrote to memory of 1976	2240	97e789b577ff5227bc696ca2d0e0af07.exe	28
PID 2240 wrote to memory of 1976	2240	97e789b577ff5227bc696ca2d0e0af07.exe	28
PID 2240 wrote to memory of 1976	2240	97e789b577ff5227bc696ca2d0e0af07.exe	28

C:\Users\Admin\AppData\Local\Temp\97e789b577ff5227bc696ca2d0e0af07.exe
"C:\Users\Admin\AppData\Local\Temp\97e789b577ff5227bc696ca2d0e0af07.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 556
  2⤵
  - Program crash
  PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2240-0-0x0000000001090000-0x0000000001258000-memory.dmp

Filesize
1.8MB

Download
memory/2240-1-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/2240-2-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download