bece9845c527d34f58c7ae74cb04ca3a3101185a4f1302217461dd2e1aa0f675 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 18:10

Sharing

Report Analysis Logs

General

Target

0abc748f8c63012b3c5d1be128e91a77.exe
Size

39KB
MD5

0abc748f8c63012b3c5d1be128e91a77
SHA1

44538b3940b583f20aeaec123c53b24183eb4917
SHA256

bece9845c527d34f58c7ae74cb04ca3a3101185a4f1302217461dd2e1aa0f675
SHA512

1bbc52970487a0eea28700fef29e81eaa6699127a673cd9222cf78479295590fae1050d3e60c4daa4fb14ee9f7f34377c98010895304b7a1d2755b62d7e79226
SSDEEP

192:92BJOIRN/J50X41+f+KvJaQnGYzjdj6aaIn5Jf0VMC:92LOq50Xo8UQn9RzR56V

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2408	1708	WerFault.exe	5

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2408	1708	0abc748f8c63012b3c5d1be128e91a77.exe	29
PID 1708 wrote to memory of 2408	1708	0abc748f8c63012b3c5d1be128e91a77.exe	29
PID 1708 wrote to memory of 2408	1708	0abc748f8c63012b3c5d1be128e91a77.exe	29
PID 1708 wrote to memory of 2408	1708	0abc748f8c63012b3c5d1be128e91a77.exe	29

C:\Users\Admin\AppData\Local\Temp\0abc748f8c63012b3c5d1be128e91a77.exe
"C:\Users\Admin\AppData\Local\Temp\0abc748f8c63012b3c5d1be128e91a77.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 72
  2⤵
  - Program crash
  PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-0-0x0000000001000000-0x000000000100D000-memory.dmp

Filesize
52KB

Download