56ddbc8ef3d9ab3351b134b59cf103a145698808f5393f06d4f8cb67eec49635 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 22:15

Sharing

Report Analysis Logs

General

Target

3f6334019e256c753234a99a88fdb9f1.exe
Size

64KB
MD5

3f6334019e256c753234a99a88fdb9f1
SHA1

84a6c6b773d1ff035292d0066b9aee3016ebe3f0
SHA256

56ddbc8ef3d9ab3351b134b59cf103a145698808f5393f06d4f8cb67eec49635
SHA512

5b467057e12c05384487f2472a08d916f14e98c3c74dc932ad0b5dd4f06fd857a46ccce864812bb9070539b98ed0490c83be8466480ab59e8160eb391acafbd8
SSDEEP

1536:eZWKJJMguNNdxzHni3gkyAop4NGDqjL10rQ+v:eZWKJKVNdxDrkyAopCGmyx

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2824	2524	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2824	2524	3f6334019e256c753234a99a88fdb9f1.exe	28
PID 2524 wrote to memory of 2824	2524	3f6334019e256c753234a99a88fdb9f1.exe	28
PID 2524 wrote to memory of 2824	2524	3f6334019e256c753234a99a88fdb9f1.exe	28
PID 2524 wrote to memory of 2824	2524	3f6334019e256c753234a99a88fdb9f1.exe	28

C:\Users\Admin\AppData\Local\Temp\3f6334019e256c753234a99a88fdb9f1.exe
"C:\Users\Admin\AppData\Local\Temp\3f6334019e256c753234a99a88fdb9f1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 36
  2⤵
  - Program crash
  PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2524-0-0x0000000000800000-0x0000000000828000-memory.dmp

Filesize
160KB

Download