31e1d8b986c0ba4bd43361c594e143115d15d56e733c1b192b02c89fc24a9832 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 11:33

Sharing

Report Analysis Logs

General

Target

1b2217136425fd128f1af2b34ca33e3e.exe
Size

166KB
MD5

1b2217136425fd128f1af2b34ca33e3e
SHA1

f79dac846595287f2b613785a365669fbbc70d92
SHA256

31e1d8b986c0ba4bd43361c594e143115d15d56e733c1b192b02c89fc24a9832
SHA512

216328853d210a2d7d9cc1aba770ebac2617c1ab0a06cbfea75609d07b4ad0e0c2ba78ad202c63ab9e0c21dbb603ec05a42a860543cf6d0379972216645cb18c
SSDEEP

3072:QRqEC2Oi8NXC797F8TBfFvj4bq576u7P1PAFi:QbC2F8NXC796TB9vj486u7dD

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2416	2428	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2416	2428	1b2217136425fd128f1af2b34ca33e3e.exe	28
PID 2428 wrote to memory of 2416	2428	1b2217136425fd128f1af2b34ca33e3e.exe	28
PID 2428 wrote to memory of 2416	2428	1b2217136425fd128f1af2b34ca33e3e.exe	28
PID 2428 wrote to memory of 2416	2428	1b2217136425fd128f1af2b34ca33e3e.exe	28

C:\Users\Admin\AppData\Local\Temp\1b2217136425fd128f1af2b34ca33e3e.exe
"C:\Users\Admin\AppData\Local\Temp\1b2217136425fd128f1af2b34ca33e3e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 36
  2⤵
  - Program crash
  PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads