c6ebf549103b1f1f90d3de4fbc565c2cd6108936536e8ae709305009d2db2a96 | Triage

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 00:55

Sharing

Report Analysis Logs

General

Target

1e81fd725ded57588cdf3c2f25d93d0c.exe
Size

456KB
MD5

1e81fd725ded57588cdf3c2f25d93d0c
SHA1

306b18f2954ae2902882e9a2f93d0bd86931c5f3
SHA256

c6ebf549103b1f1f90d3de4fbc565c2cd6108936536e8ae709305009d2db2a96
SHA512

890c8016c32323509b81f403deac00bc92d224c794e3f3819b31d9d05f7807a4e6d6246d20c654c9d1e686a679894f03622b054c5635e712dbc00f01215d0eb8
SSDEEP

12288:UGH3TNk/aawlefbtI5P+/trgmSXod8Rxwzf5OUwA:Uk3T7lWIc/gNwzMr

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2976	2096	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2976	2096	1e81fd725ded57588cdf3c2f25d93d0c.exe	28
PID 2096 wrote to memory of 2976	2096	1e81fd725ded57588cdf3c2f25d93d0c.exe	28
PID 2096 wrote to memory of 2976	2096	1e81fd725ded57588cdf3c2f25d93d0c.exe	28
PID 2096 wrote to memory of 2976	2096	1e81fd725ded57588cdf3c2f25d93d0c.exe	28

C:\Users\Admin\AppData\Local\Temp\1e81fd725ded57588cdf3c2f25d93d0c.exe
"C:\Users\Admin\AppData\Local\Temp\1e81fd725ded57588cdf3c2f25d93d0c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 144
  2⤵
  - Program crash
  PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2096-0-0x0000000001000000-0x0000000001136000-memory.dmp

Filesize
1.2MB

Download
memory/2096-1-0x0000000001000000-0x0000000001136000-memory.dmp

Filesize
1.2MB

Download