243d5d6b652d79082d636678a5f57c9fc2390894cc55588a27e5a11753f1f82c | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 10:35

Sharing

Report Analysis Logs

General

Target

08dbd6dc24d0fe7cfaa1587b0ca48722.exe
Size

86KB
MD5

08dbd6dc24d0fe7cfaa1587b0ca48722
SHA1

92b92c9baa78022ac37c58cfc2ac0cc9164c6425
SHA256

243d5d6b652d79082d636678a5f57c9fc2390894cc55588a27e5a11753f1f82c
SHA512

0c5abbb621c35623968dbc0eb6276cf0769462487b141c8949becd80f8cf6f496150446ed0ec1c7914d6a50648b8015ef9522bd6c8c1fb46233eebc67ed57754
SSDEEP

768:sxbY9bIGXIu4Q/bI0/F/NstMlwQTOxelNmw5jRF9RSM:sxBG4uBIUJxdlNmKjRFv

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2752	1676	WerFault.exe	17

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1676	08dbd6dc24d0fe7cfaa1587b0ca48722.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2752	1676	08dbd6dc24d0fe7cfaa1587b0ca48722.exe	28
PID 1676 wrote to memory of 2752	1676	08dbd6dc24d0fe7cfaa1587b0ca48722.exe	28
PID 1676 wrote to memory of 2752	1676	08dbd6dc24d0fe7cfaa1587b0ca48722.exe	28
PID 1676 wrote to memory of 2752	1676	08dbd6dc24d0fe7cfaa1587b0ca48722.exe	28

C:\Users\Admin\AppData\Local\Temp\08dbd6dc24d0fe7cfaa1587b0ca48722.exe
"C:\Users\Admin\AppData\Local\Temp\08dbd6dc24d0fe7cfaa1587b0ca48722.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 244
  2⤵
  - Program crash
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads