49b17c8cea5757060bd68157f57949063ac3a770a278f50bbb4aa4447af38f72 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 07:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0eb78b03407ccf23a7df0cbd48f554dc.exe
Size

28KB
MD5

0eb78b03407ccf23a7df0cbd48f554dc
SHA1

91a376d57684fbe3c641bc39dd7d12dd2f05fc21
SHA256

49b17c8cea5757060bd68157f57949063ac3a770a278f50bbb4aa4447af38f72
SHA512

26db1052a6f80f2104c45a79336b3602201a4b123b707842d3175e068e48d7a384bd871183005bf8d2b201ff6f5fd73c67ea4bad178f3f19a1acf1ff26158832
SSDEEP

384:2UuGN5Nh3KGtWoijgKAz3JVNifKGD2vZ2Sy/F:M05L3KyWoggK4VUivhyd

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1652	2316	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 1652	2316	0eb78b03407ccf23a7df0cbd48f554dc.exe	16
PID 2316 wrote to memory of 1652	2316	0eb78b03407ccf23a7df0cbd48f554dc.exe	16
PID 2316 wrote to memory of 1652	2316	0eb78b03407ccf23a7df0cbd48f554dc.exe	16
PID 2316 wrote to memory of 1652	2316	0eb78b03407ccf23a7df0cbd48f554dc.exe	16

C:\Users\Admin\AppData\Local\Temp\0eb78b03407ccf23a7df0cbd48f554dc.exe
"C:\Users\Admin\AppData\Local\Temp\0eb78b03407ccf23a7df0cbd48f554dc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 88
  2⤵
  - Program crash
  PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2316-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download