22f89f085d0453096c14c87915773dec5ac5b991cd593f89ecab77621bca1021 | Triage

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:30

Sharing

Report Analysis Logs

General

Target

507248cd5fa75512a886ca5f8c633bfa.exe
Size

128KB
MD5

507248cd5fa75512a886ca5f8c633bfa
SHA1

690faadf42edcfe0c85ffbc86f303add5e61b186
SHA256

22f89f085d0453096c14c87915773dec5ac5b991cd593f89ecab77621bca1021
SHA512

d23a663462df68a64bd0fadbd0e88d5f912c683cc3f2ed0db5ff6456ac3de7383f05c99f40f065dc64c2da955497d2c465453a728d1cdc8db004b90af46dab01
SSDEEP

1536:PMbwX/Dk8FRYMdxDll0zCfY3SLNn9ZKAS0LCHJN:PP/YWl0zCw3SLNnrKCLWN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2504	2208	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2504	2208	507248cd5fa75512a886ca5f8c633bfa.exe	28
PID 2208 wrote to memory of 2504	2208	507248cd5fa75512a886ca5f8c633bfa.exe	28
PID 2208 wrote to memory of 2504	2208	507248cd5fa75512a886ca5f8c633bfa.exe	28
PID 2208 wrote to memory of 2504	2208	507248cd5fa75512a886ca5f8c633bfa.exe	28

C:\Users\Admin\AppData\Local\Temp\507248cd5fa75512a886ca5f8c633bfa.exe
"C:\Users\Admin\AppData\Local\Temp\507248cd5fa75512a886ca5f8c633bfa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 88
  2⤵
  - Program crash
  PID:2504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads