798f2abc7c2608efef05a72107831c648600b2f5ca8d59ad4511a0385c0a502f | Triage

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 13:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21a4a217d137f06ca5c31eb558ed6fb9.exe
Size

55KB
MD5

21a4a217d137f06ca5c31eb558ed6fb9
SHA1

37fdfef7d9ca11440ec3254c37bcc001aaa55996
SHA256

798f2abc7c2608efef05a72107831c648600b2f5ca8d59ad4511a0385c0a502f
SHA512

97da10595ac2fdecd8621fe02d0db17596586f61e916198d2ccd08710f070504e0b1626bbb750708fa1896ccfb17a42dfc4a10bc3fd3088eed0ff13147f27bf5
SSDEEP

1536:uLqT6WeX6sCTXNg4YAhR4lLrmdcRveJSX+0kYNJd2Lu:u4eJICAj0L26xkYNJuu

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2060	2920	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2060	2920	21a4a217d137f06ca5c31eb558ed6fb9.exe	14
PID 2920 wrote to memory of 2060	2920	21a4a217d137f06ca5c31eb558ed6fb9.exe	14
PID 2920 wrote to memory of 2060	2920	21a4a217d137f06ca5c31eb558ed6fb9.exe	14
PID 2920 wrote to memory of 2060	2920	21a4a217d137f06ca5c31eb558ed6fb9.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 140
1⤵
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\21a4a217d137f06ca5c31eb558ed6fb9.exe
"C:\Users\Admin\AppData\Local\Temp\21a4a217d137f06ca5c31eb558ed6fb9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2920-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download