6c680cdf34686edebe173812065f7e57e6b31116e21900635d20e1e32e06f318 | Triage

Analysis

max time kernel
142s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 02:02

Sharing

Report Analysis Logs

General

Target

4b3f4714e2128d8e44ea1e794853b5c3.exe
Size

333KB
MD5

4b3f4714e2128d8e44ea1e794853b5c3
SHA1

a3ef0578b44e37e506c6a842818eb603fed3d204
SHA256

6c680cdf34686edebe173812065f7e57e6b31116e21900635d20e1e32e06f318
SHA512

ad60070696bfb62177962f4d240a119ff8713401332b0f80802fa6a163d083b2af505dc4f83e1af208eec1b729af1f000fe8cf9a008b9893d12c03de212f423b
SSDEEP

6144:FkXEe69sd1UQXMbQRjkod6U912429sd1UQXMbQRjkod6U:6GQkA1GQk

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2400	1656	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2400	1656	4b3f4714e2128d8e44ea1e794853b5c3.exe	28
PID 1656 wrote to memory of 2400	1656	4b3f4714e2128d8e44ea1e794853b5c3.exe	28
PID 1656 wrote to memory of 2400	1656	4b3f4714e2128d8e44ea1e794853b5c3.exe	28
PID 1656 wrote to memory of 2400	1656	4b3f4714e2128d8e44ea1e794853b5c3.exe	28

C:\Users\Admin\AppData\Local\Temp\4b3f4714e2128d8e44ea1e794853b5c3.exe
"C:\Users\Admin\AppData\Local\Temp\4b3f4714e2128d8e44ea1e794853b5c3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 140
  2⤵
  - Program crash
  PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1656-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download