e8f3558c71fa4e5e9ed1cf0cef625bde3b5e3c14bbc5761c5ab08903a2ea50b1 | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 22:54

Sharing

Report Analysis Logs

General

Target

41a1364540af70a95469891401fd2e2a.exe
Size

904KB
MD5

41a1364540af70a95469891401fd2e2a
SHA1

e9029956d0b567efcb6878d8a8c815e2df5c73b6
SHA256

e8f3558c71fa4e5e9ed1cf0cef625bde3b5e3c14bbc5761c5ab08903a2ea50b1
SHA512

0726320090769c008860b2df29ab70d85e783a4ce81f7ec9a7581c0af139f123d2ae864117516045f19dd62af87cb5471f04b79f766fc57e92b072ad2197447b
SSDEEP

3072:ft2cWtTBfVkfqM2SCAygRjlIqZoFzJcqHT:hWtTBdsqEPxjjoFzF

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3040	3032	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 3040	3032	41a1364540af70a95469891401fd2e2a.exe	28
PID 3032 wrote to memory of 3040	3032	41a1364540af70a95469891401fd2e2a.exe	28
PID 3032 wrote to memory of 3040	3032	41a1364540af70a95469891401fd2e2a.exe	28
PID 3032 wrote to memory of 3040	3032	41a1364540af70a95469891401fd2e2a.exe	28

C:\Users\Admin\AppData\Local\Temp\41a1364540af70a95469891401fd2e2a.exe
"C:\Users\Admin\AppData\Local\Temp\41a1364540af70a95469891401fd2e2a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 36
  2⤵
  - Program crash
  PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads