293c1ade7452ca7ce505702ce799b7d0355f15dd860f67531e38a7a8de3ac36a | Triage

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 00:04

Sharing

Report Analysis Logs

General

Target

1b8dd9ef1122d9d2eb12ad5321d76a98.exe
Size

284KB
MD5

1b8dd9ef1122d9d2eb12ad5321d76a98
SHA1

d407f81c8b1ab477a1ec63d2b828bf5fcb723508
SHA256

293c1ade7452ca7ce505702ce799b7d0355f15dd860f67531e38a7a8de3ac36a
SHA512

de29c79f4490716f158f8ec0bcf67f4851a23aff45a2c193787376bb02d2041182737c958ea810fc1150853fc824169f4dd6e5b6289c4b6963c507abb56de15e
SSDEEP

3072:uA1ehl/69NcG3QAP6MmsCXHldHjEcCWQLwBVYvr:uDl/UcQPkFFjGWbyr

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2016	2028	WerFault.exe	5

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2016	2028	1b8dd9ef1122d9d2eb12ad5321d76a98.exe	28
PID 2028 wrote to memory of 2016	2028	1b8dd9ef1122d9d2eb12ad5321d76a98.exe	28
PID 2028 wrote to memory of 2016	2028	1b8dd9ef1122d9d2eb12ad5321d76a98.exe	28
PID 2028 wrote to memory of 2016	2028	1b8dd9ef1122d9d2eb12ad5321d76a98.exe	28

C:\Users\Admin\AppData\Local\Temp\1b8dd9ef1122d9d2eb12ad5321d76a98.exe
"C:\Users\Admin\AppData\Local\Temp\1b8dd9ef1122d9d2eb12ad5321d76a98.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 120
  2⤵
  - Program crash
  PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2028-0-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download