e652bae33a72e4e1fb68ccdf8446f0e556aeabfceb8efb5a2ee5c2c91f45ce1a | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 16:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06c5c36c5c26ecce277a67e0907c5968.exe
Size

33KB
MD5

06c5c36c5c26ecce277a67e0907c5968
SHA1

c3fde00060c956bd84fe1800c962e8dad3fc5da5
SHA256

e652bae33a72e4e1fb68ccdf8446f0e556aeabfceb8efb5a2ee5c2c91f45ce1a
SHA512

97d400f59563786cfb646f4e7b7512070c4a93afe7aa9359b4b268ae5c490998fdfbf64c9532d27def9a4d93cc2e5fb6b244a9ca3ce2dc1f778e0e3123518c0f
SSDEEP

384:+xbU11nvN2T1OoNTyRFAlvCAWiI4hu0jmPG:PrvN2ZOCqAlvxFubPG

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2372	2096	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2372	2096	06c5c36c5c26ecce277a67e0907c5968.exe	28
PID 2096 wrote to memory of 2372	2096	06c5c36c5c26ecce277a67e0907c5968.exe	28
PID 2096 wrote to memory of 2372	2096	06c5c36c5c26ecce277a67e0907c5968.exe	28
PID 2096 wrote to memory of 2372	2096	06c5c36c5c26ecce277a67e0907c5968.exe	28

C:\Users\Admin\AppData\Local\Temp\06c5c36c5c26ecce277a67e0907c5968.exe
"C:\Users\Admin\AppData\Local\Temp\06c5c36c5c26ecce277a67e0907c5968.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 164
  2⤵
  - Program crash
  PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads