f02c1714184f960e1987f9157115e1e067f1590df9e8249488ec525bfc55f62d | Triage

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 00:05

Sharing

Report Analysis Logs

General

Target

451c23cb346658a83dd704f554659d91.exe
Size

24KB
MD5

451c23cb346658a83dd704f554659d91
SHA1

f53cb6eaaec9fe2b7daa7bbe7339b96361c97a58
SHA256

f02c1714184f960e1987f9157115e1e067f1590df9e8249488ec525bfc55f62d
SHA512

98963742f0a93e1193b0b6657f50bca52bc1adb69255bcb96273a2cb9fcfb2f2a5e1b1aa1d7eb867c1d64a1a116f2de1fd58c8a55df12d628a011975439fc07e
SSDEEP

384:5xdhRLv54mEcvXG9XGf2iMSMkm/wOvm76MWa4lns:TRLjvXG92f2ihMhwyMf49s

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2732	3044	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2732	3044	451c23cb346658a83dd704f554659d91.exe	28
PID 3044 wrote to memory of 2732	3044	451c23cb346658a83dd704f554659d91.exe	28
PID 3044 wrote to memory of 2732	3044	451c23cb346658a83dd704f554659d91.exe	28
PID 3044 wrote to memory of 2732	3044	451c23cb346658a83dd704f554659d91.exe	28

C:\Users\Admin\AppData\Local\Temp\451c23cb346658a83dd704f554659d91.exe
"C:\Users\Admin\AppData\Local\Temp\451c23cb346658a83dd704f554659d91.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 88
  2⤵
  - Program crash
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3044-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download