eb09851c234dd55c561d12e70d6eb347e364aa1240d9ee7156fe44188d5b206f | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 15:39

Sharing

Report Analysis Logs

General

Target

0421857eaa36c8b74155d7950e709ae6.exe
Size

92KB
MD5

0421857eaa36c8b74155d7950e709ae6
SHA1

e5c75a8679787d64e80605ca7e979b533a7962a5
SHA256

eb09851c234dd55c561d12e70d6eb347e364aa1240d9ee7156fe44188d5b206f
SHA512

3fb3850550bef85cb87078c2bb10aa2a78c592188ee4d691ee3ec88b90df1dcc47b32b13b2da95a301606b3ea588faf5868d8dfceb5a956994054f4161c15484
SSDEEP

1536:EVZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApE:UnxwgxgfR/DVG7wBpE

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2156	2164	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2156	2164	0421857eaa36c8b74155d7950e709ae6.exe	16
PID 2164 wrote to memory of 2156	2164	0421857eaa36c8b74155d7950e709ae6.exe	16
PID 2164 wrote to memory of 2156	2164	0421857eaa36c8b74155d7950e709ae6.exe	16
PID 2164 wrote to memory of 2156	2164	0421857eaa36c8b74155d7950e709ae6.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 100
1⤵
- Program crash
PID:2156

C:\Users\Admin\AppData\Local\Temp\0421857eaa36c8b74155d7950e709ae6.exe
"C:\Users\Admin\AppData\Local\Temp\0421857eaa36c8b74155d7950e709ae6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2164-0-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download