56d34afaf77f7d0b60c2153d70409847b69613108bdb350ba824a4d5e1479f4d | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 17:16

Sharing

Report Analysis Logs

General

Target

07ee621d435ef5635eb6760ecff2e4ce.exe
Size

32KB
MD5

07ee621d435ef5635eb6760ecff2e4ce
SHA1

cad1a960f15d067b455308ae69e488050853e256
SHA256

56d34afaf77f7d0b60c2153d70409847b69613108bdb350ba824a4d5e1479f4d
SHA512

837d68d5c8ca5f1c6781065e142cfb7ca3a469ccab0f699badc3309e8301e40782e34f8dd65edd4024e97a8a9def33a3e00a5d67c10142e36b22c05ffb4e2f93
SSDEEP

96:LelNH1wxh9LVRL8pAh4zR9mPH62KoBCxu0:LeJpAeR0PHwR

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
1776	1704	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1776	1704	07ee621d435ef5635eb6760ecff2e4ce.exe	14
PID 1704 wrote to memory of 1776	1704	07ee621d435ef5635eb6760ecff2e4ce.exe	14
PID 1704 wrote to memory of 1776	1704	07ee621d435ef5635eb6760ecff2e4ce.exe	14
PID 1704 wrote to memory of 1776	1704	07ee621d435ef5635eb6760ecff2e4ce.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 88
1⤵
- Program crash
PID:1776

C:\Users\Admin\AppData\Local\Temp\07ee621d435ef5635eb6760ecff2e4ce.exe
"C:\Users\Admin\AppData\Local\Temp\07ee621d435ef5635eb6760ecff2e4ce.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1704-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download