12f386a1b2da59a04c540c2d00c6c73ef200510c8148ceb4dd66d4121fe8cc6d | Triage

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 03:08

Sharing

Report Analysis Logs

General

Target

01eef8fe90a51a24a51956151f51672b.exe
Size

68KB
MD5

01eef8fe90a51a24a51956151f51672b
SHA1

63532949626d0a782ffab6f76aece7bc9e5c5b32
SHA256

12f386a1b2da59a04c540c2d00c6c73ef200510c8148ceb4dd66d4121fe8cc6d
SHA512

56f6bf6d1a8a9a8209525f5f67c00ffb1dccaee04e2779a94ff0603019ffd749e266227b7b16841152349f125f8631381d9b2ad6cdb8b8f27cec75dfce44019b
SSDEEP

1536:PBgSpOXB3SfhHLuiTnIOcRYcvtgf1zwQVgvJ:POXaKijINYc61zwLvJ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2968	2476	WerFault.exe	23

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2968	2476	01eef8fe90a51a24a51956151f51672b.exe	28
PID 2476 wrote to memory of 2968	2476	01eef8fe90a51a24a51956151f51672b.exe	28
PID 2476 wrote to memory of 2968	2476	01eef8fe90a51a24a51956151f51672b.exe	28
PID 2476 wrote to memory of 2968	2476	01eef8fe90a51a24a51956151f51672b.exe	28

C:\Users\Admin\AppData\Local\Temp\01eef8fe90a51a24a51956151f51672b.exe
"C:\Users\Admin\AppData\Local\Temp\01eef8fe90a51a24a51956151f51672b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 36
  2⤵
  - Program crash
  PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2476-0-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download