242606784652c8d0186eb3ff0d4603f46aefee9e7b466125ff5c2b90890e47ea | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 21:42

Sharing

Report Analysis Logs

General

Target

137997a1cb2d9c5b88ea84c547dcd81b.exe
Size

233KB
MD5

137997a1cb2d9c5b88ea84c547dcd81b
SHA1

539e695b7e25ef1f4ec10cd1d623b8444c6178e6
SHA256

242606784652c8d0186eb3ff0d4603f46aefee9e7b466125ff5c2b90890e47ea
SHA512

9a0351dfecb9e331fc8b08ae875c1b3eb36695c43bb83433c4726c608932de4525fc158540943e0fd391aa51006b056e4b27030520b37d7925da3ebae032122d
SSDEEP

6144:+blIO0WdNyYp8DweghBHFo3R+d3lcK4UFH:+bFUYGD8hB+B+d3lcKdH

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
912	2408	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 912	2408	137997a1cb2d9c5b88ea84c547dcd81b.exe	28
PID 2408 wrote to memory of 912	2408	137997a1cb2d9c5b88ea84c547dcd81b.exe	28
PID 2408 wrote to memory of 912	2408	137997a1cb2d9c5b88ea84c547dcd81b.exe	28
PID 2408 wrote to memory of 912	2408	137997a1cb2d9c5b88ea84c547dcd81b.exe	28

C:\Users\Admin\AppData\Local\Temp\137997a1cb2d9c5b88ea84c547dcd81b.exe
"C:\Users\Admin\AppData\Local\Temp\137997a1cb2d9c5b88ea84c547dcd81b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 120
  2⤵
  - Program crash
  PID:912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2408-0-0x0000000000F30000-0x0000000000F41000-memory.dmp

Filesize
68KB

Download
memory/2408-1-0x0000000000F30000-0x0000000000F41000-memory.dmp

Filesize
68KB

Download