761b3a1380fb93e55bb07b34dc28ae3d77ce0e9d22b111f4a60badc14aa5a689 | Triage

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:20

Sharing

Report Analysis Logs

General

Target

28cdc13278569c21eb42c3d6ff5e09ba.exe
Size

28KB
MD5

28cdc13278569c21eb42c3d6ff5e09ba
SHA1

34bea55f1920884ae803f649be32c8dd51a785fb
SHA256

761b3a1380fb93e55bb07b34dc28ae3d77ce0e9d22b111f4a60badc14aa5a689
SHA512

ce16e46c88801ae3898af20271370010e7fb0ad7513bd623e1dc38a802bad1eb906bac2cd2460dc6175f9342c4c02f4120e5fd6bf582bc51f11b8e769364634f
SSDEEP

768:wEbffIKvc1pMsnbvQD5W9H5HyrpEhrdzR3XxpZy:wOffIY45nbsY9kqdz3Dy

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2276	2240	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2276	2240	28cdc13278569c21eb42c3d6ff5e09ba.exe	22
PID 2240 wrote to memory of 2276	2240	28cdc13278569c21eb42c3d6ff5e09ba.exe	22
PID 2240 wrote to memory of 2276	2240	28cdc13278569c21eb42c3d6ff5e09ba.exe	22
PID 2240 wrote to memory of 2276	2240	28cdc13278569c21eb42c3d6ff5e09ba.exe	22

C:\Users\Admin\AppData\Local\Temp\28cdc13278569c21eb42c3d6ff5e09ba.exe
"C:\Users\Admin\AppData\Local\Temp\28cdc13278569c21eb42c3d6ff5e09ba.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 148
  2⤵
  - Program crash
  PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2240-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download