ea8ac477bf4f13f00c4a9b755b9ac83f476fd4aa984c367695c029f43f5ef861 | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-12-2023 10:36

Sharing

Report Analysis Logs

General

Target

0948d37f1bac978937a5052a1f3d3b2c.exe
Size

34KB
MD5

0948d37f1bac978937a5052a1f3d3b2c
SHA1

62f7f7652d1a1a00855c63f23372e9a5bcb81395
SHA256

ea8ac477bf4f13f00c4a9b755b9ac83f476fd4aa984c367695c029f43f5ef861
SHA512

41de78d9f7f2dc1a991d403d911b83ec2debc2dfbf04780d127cd42cab17ded1495bcf6c6dce0a972e4095502297c68e8b67b2417737ac4b0fb7969a19f3ad7d
SSDEEP

768:M/CO6lpem+YoK4Gsqi/NVuHRQAreu47q:C2wmGK4Gs7NVLdu

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2580	2544	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2580	2544	0948d37f1bac978937a5052a1f3d3b2c.exe	14
PID 2544 wrote to memory of 2580	2544	0948d37f1bac978937a5052a1f3d3b2c.exe	14
PID 2544 wrote to memory of 2580	2544	0948d37f1bac978937a5052a1f3d3b2c.exe	14
PID 2544 wrote to memory of 2580	2544	0948d37f1bac978937a5052a1f3d3b2c.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 144
1⤵
- Program crash
PID:2580

C:\Users\Admin\AppData\Local\Temp\0948d37f1bac978937a5052a1f3d3b2c.exe
"C:\Users\Admin\AppData\Local\Temp\0948d37f1bac978937a5052a1f3d3b2c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2544-1-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download