7bf2317bbbacae740e288d910f1d98b62d8938dedca334a6b7804ad7d93e5575 | Triage

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 11:36

Sharing

Report Analysis Logs

General

Target

1b4c90bfd523beeeb6a6977e42aa7e47.exe
Size

62KB
MD5

1b4c90bfd523beeeb6a6977e42aa7e47
SHA1

6fbc5d9b9f939ce43d17fb3b61de7a216ba9e4ca
SHA256

7bf2317bbbacae740e288d910f1d98b62d8938dedca334a6b7804ad7d93e5575
SHA512

900add820d07619e6fabc197dafc8f7695fccb41593a41364acb999fbd584aed3f4d7921e9fa7f9798386be02f23f7ddde0a036f17f5294a504fb232f7c54c5b
SSDEEP

1536:sx6YtcFxxUZa1kQJrAEEqL7GgP8DGAoCz:KVtcFxxd1kQhA9qugP8CAoC

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2868	2080	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2868	2080	1b4c90bfd523beeeb6a6977e42aa7e47.exe	28
PID 2080 wrote to memory of 2868	2080	1b4c90bfd523beeeb6a6977e42aa7e47.exe	28
PID 2080 wrote to memory of 2868	2080	1b4c90bfd523beeeb6a6977e42aa7e47.exe	28
PID 2080 wrote to memory of 2868	2080	1b4c90bfd523beeeb6a6977e42aa7e47.exe	28

C:\Users\Admin\AppData\Local\Temp\1b4c90bfd523beeeb6a6977e42aa7e47.exe
"C:\Users\Admin\AppData\Local\Temp\1b4c90bfd523beeeb6a6977e42aa7e47.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 120
  2⤵
  - Program crash
  PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads