7d8c5f5d3d816a02f58f1994b92b4496b4ace232da3bd5036b91c79a4657c8e1 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 23:28

Sharing

Report Analysis Logs

General

Target

198ca3fef34b22273f354cb53c10f3ed.exe
Size

199KB
MD5

198ca3fef34b22273f354cb53c10f3ed
SHA1

9109e4ed77f3764f77a7a30dd78d01808dcf1f94
SHA256

7d8c5f5d3d816a02f58f1994b92b4496b4ace232da3bd5036b91c79a4657c8e1
SHA512

fc8c2eb1b9bcb1cfde3979257093bcbcfe0c7b073931cbb966aa13b661e76b69b93bfbb2e1eb38cbe8d34783359da274470062afd36c4df8c1f4e2c40614a1bd
SSDEEP

6144:DDDHyx7cnWH4TEynsCFGwKLuqg5aDtH4Yc:DD7yx7cnWYgysCFGwKCqzHc

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2168	3012	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2168	3012	198ca3fef34b22273f354cb53c10f3ed.exe	14
PID 3012 wrote to memory of 2168	3012	198ca3fef34b22273f354cb53c10f3ed.exe	14
PID 3012 wrote to memory of 2168	3012	198ca3fef34b22273f354cb53c10f3ed.exe	14
PID 3012 wrote to memory of 2168	3012	198ca3fef34b22273f354cb53c10f3ed.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 48
1⤵
- Program crash
PID:2168

C:\Users\Admin\AppData\Local\Temp\198ca3fef34b22273f354cb53c10f3ed.exe
"C:\Users\Admin\AppData\Local\Temp\198ca3fef34b22273f354cb53c10f3ed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3012-0-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download