381818a92cafa5857f56f0da73a32f67c33099e539749705ad70630195a249ae | Triage

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 03:52

Sharing

Report Analysis Logs

General

Target

03f7651f2dbcfc56a1254593eb75c5db.exe
Size

498KB
MD5

03f7651f2dbcfc56a1254593eb75c5db
SHA1

2179fc84b7cfa02bfc90c701b39a046b58a0a091
SHA256

381818a92cafa5857f56f0da73a32f67c33099e539749705ad70630195a249ae
SHA512

430d6ee3eaa4cd6c5ba6c7ff70fdcad597e8b93235ee231d193b1629b66777842d7e7e1ea67b34ead9f607048b8e826416ad4fae049d6cb3a87ad5e8e8a42ad3
SSDEEP

12288:9sdt62zK6JPMZwlM6Y77xE9MFEyCP2XGPAx:+T46JUZaM6Y77xoaRCO+

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\ctfmom32.exe	03f7651f2dbcfc56a1254593eb75c5db.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1068	2356	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 1068	2356	03f7651f2dbcfc56a1254593eb75c5db.exe	28
PID 2356 wrote to memory of 1068	2356	03f7651f2dbcfc56a1254593eb75c5db.exe	28
PID 2356 wrote to memory of 1068	2356	03f7651f2dbcfc56a1254593eb75c5db.exe	28
PID 2356 wrote to memory of 1068	2356	03f7651f2dbcfc56a1254593eb75c5db.exe	28

C:\Users\Admin\AppData\Local\Temp\03f7651f2dbcfc56a1254593eb75c5db.exe
"C:\Users\Admin\AppData\Local\Temp\03f7651f2dbcfc56a1254593eb75c5db.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 444
  2⤵
  - Program crash
  PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2356-0-0x0000000000410000-0x0000000000491000-memory.dmp

Filesize
516KB

Download
memory/2356-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2356-2-0x0000000000410000-0x0000000000491000-memory.dmp

Filesize
516KB

Download
memory/2356-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download