e7e36471e450713614deef004d39d949702bce4c27a6977bbdf48a5bca6622d7 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 16:35

Sharing

Report Analysis Logs

General

Target

06002473cb37375c758c2d5a88e4c6b7.exe
Size

245KB
MD5

06002473cb37375c758c2d5a88e4c6b7
SHA1

711538dd7c2af07189847ad488d24e8a4730b307
SHA256

e7e36471e450713614deef004d39d949702bce4c27a6977bbdf48a5bca6622d7
SHA512

e26617f35b51db7dc7ddb65082bb17ec9f848f318e211aac3269ebb4431a501250724712fecb9f1582f33cb6a79d40776da8f10b687dedef09841b90d5cf0cca
SSDEEP

6144:hAx4X67TulF59LooSF/0VqsInWYINgpUgdFY:a4X6EF59L1SF/WqjxpU9

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3052	2688	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 3052	2688	06002473cb37375c758c2d5a88e4c6b7.exe	16
PID 2688 wrote to memory of 3052	2688	06002473cb37375c758c2d5a88e4c6b7.exe	16
PID 2688 wrote to memory of 3052	2688	06002473cb37375c758c2d5a88e4c6b7.exe	16
PID 2688 wrote to memory of 3052	2688	06002473cb37375c758c2d5a88e4c6b7.exe	16

C:\Users\Admin\AppData\Local\Temp\06002473cb37375c758c2d5a88e4c6b7.exe
"C:\Users\Admin\AppData\Local\Temp\06002473cb37375c758c2d5a88e4c6b7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 120
  2⤵
  - Program crash
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2688-0-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2688-1-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download