e15b51db1c00612f9727ad367f1be29723056d40142a03826b238b52471b0cf9 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:52 UTC

Sharing

Report Analysis Logs

General

Target

132d4702a3556c2b49b0cc5ac04b4757.exe
Size

16KB
MD5

132d4702a3556c2b49b0cc5ac04b4757
SHA1

4a4fd31214892dbb723851b84723db92ade20289
SHA256

e15b51db1c00612f9727ad367f1be29723056d40142a03826b238b52471b0cf9
SHA512

fbd805004ae54f1dd1e04ddc2843e72ba1388aaaa1028a67732a5ca3d1317094f406e4480539a8ac539fdffda5a9c724ff7903875b93787e2765bba802de3d6d
SSDEEP

384:3KDjyEZYXIZfXSI/6w6qizhZyBK3xoizSCSHH:3kbJSjBMG5fA

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
912	824	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 912	824	132d4702a3556c2b49b0cc5ac04b4757.exe	16
PID 824 wrote to memory of 912	824	132d4702a3556c2b49b0cc5ac04b4757.exe	16
PID 824 wrote to memory of 912	824	132d4702a3556c2b49b0cc5ac04b4757.exe	16
PID 824 wrote to memory of 912	824	132d4702a3556c2b49b0cc5ac04b4757.exe	16

C:\Users\Admin\AppData\Local\Temp\132d4702a3556c2b49b0cc5ac04b4757.exe
"C:\Users\Admin\AppData\Local\Temp\132d4702a3556c2b49b0cc5ac04b4757.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 36
  2⤵
  - Program crash
  PID:912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads