c204c4829e79a4b78fdeefcf587eabc6e508402d132d00e37c74fe5fe8cf325a | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
23/11/2023, 02:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

58KB
MD5

a9438d893c19d866cf720a581c9476bc
SHA1

76207198002c4e5188d7a35cb5c64bec0d7a4453
SHA256

c204c4829e79a4b78fdeefcf587eabc6e508402d132d00e37c74fe5fe8cf325a
SHA512

76d73ee8f989ee8f3eead9745244d46cfc3e43a81358da10e21e534086e6da9e40111970c4a24f11b0f58af81b266ec767620ac187e862fdcd691d1f221de33b
SSDEEP

1536:NWfqqj/DMFv8I8ReUWflaCoa7CYsIRJFdQ:NGVDSbca7C7IRJn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2304	2296	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2304	2296	tmp.exe	29
PID 2296 wrote to memory of 2304	2296	tmp.exe	29
PID 2296 wrote to memory of 2304	2296	tmp.exe	29
PID 2296 wrote to memory of 2304	2296	tmp.exe	29

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 76
  2⤵
  - Program crash
  PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads