4e77fcd24afe920521fd2897b9fca64cd1584fc8c7c180c6d0ae4c4191908201 | Triage

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 20:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3bedd92aadf1806b8917956afc322d50.exe
Size

904KB
MD5

3bedd92aadf1806b8917956afc322d50
SHA1

3985cddcea12f13180e379be58e62bd844c1e5f9
SHA256

4e77fcd24afe920521fd2897b9fca64cd1584fc8c7c180c6d0ae4c4191908201
SHA512

352c6076be90c9a4de077b6606c141310410a585bc86636a414d555c253226c746b38e36ff9452989bab2369ca3a453e654fc0ba8b78681efadab0b24c905fd5
SSDEEP

3072:ft2cWtTBfVkfqM2SCAygRjlIqZoFzJcqUs:hWtTBdsqEPxjjoFzf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2412	2404	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2412	2404	3bedd92aadf1806b8917956afc322d50.exe	28
PID 2404 wrote to memory of 2412	2404	3bedd92aadf1806b8917956afc322d50.exe	28
PID 2404 wrote to memory of 2412	2404	3bedd92aadf1806b8917956afc322d50.exe	28
PID 2404 wrote to memory of 2412	2404	3bedd92aadf1806b8917956afc322d50.exe	28

C:\Users\Admin\AppData\Local\Temp\3bedd92aadf1806b8917956afc322d50.exe
"C:\Users\Admin\AppData\Local\Temp\3bedd92aadf1806b8917956afc322d50.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 36
  2⤵
  - Program crash
  PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads