127b09cf27e2eb35f2faa462c33416323e2241633d991562687e986f4d5d4c9b | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 01:29

Sharing

Report Analysis Logs

General

Target

2084610db5ce3f957c84a2a318902e31.exe
Size

841KB
MD5

2084610db5ce3f957c84a2a318902e31
SHA1

9d5835bde8f0767db3f4a54c4609136d2104aa9a
SHA256

127b09cf27e2eb35f2faa462c33416323e2241633d991562687e986f4d5d4c9b
SHA512

620a53fb1db26a633e3e6cda68bd00c576cdd2d84e6bfbb3d713b127a094fc4714652274be1389a936a9e7795f713828de36cd350e33811b983e33e066310245
SSDEEP

24576:SPMba6WRT/ewkyxNUfM0BJxJ1Yn43dVEsa:UMnWRTGdyx+f0mja

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2996	2924	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2996	2924	2084610db5ce3f957c84a2a318902e31.exe	10
PID 2924 wrote to memory of 2996	2924	2084610db5ce3f957c84a2a318902e31.exe	10
PID 2924 wrote to memory of 2996	2924	2084610db5ce3f957c84a2a318902e31.exe	10
PID 2924 wrote to memory of 2996	2924	2084610db5ce3f957c84a2a318902e31.exe	10

C:\Users\Admin\AppData\Local\Temp\2084610db5ce3f957c84a2a318902e31.exe
"C:\Users\Admin\AppData\Local\Temp\2084610db5ce3f957c84a2a318902e31.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 140
  2⤵
  - Program crash
  PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2924-0-0x0000000001340000-0x00000000013EB000-memory.dmp

Filesize
684KB

Download
memory/2924-1-0x0000000001340000-0x00000000013EB000-memory.dmp

Filesize
684KB

Download