76e582ddd74d0c0441a49e44569b2973a973a5e821cfaf7ed556e35eeeb64ab6 | Triage

Analysis

max time kernel
117s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:14

Sharing

Report Analysis Logs

General

Target

5eef5e4415f16ef04571759c5faa1b81.exe
Size

7KB
MD5

5eef5e4415f16ef04571759c5faa1b81
SHA1

da9a7dbb022ec1ede397c37bb17c8b9877b0cd07
SHA256

76e582ddd74d0c0441a49e44569b2973a973a5e821cfaf7ed556e35eeeb64ab6
SHA512

7c3c47b889fd7634b1fb101109b859cb3979b647e5266ac5ad703f2ae12b85e7999f9106baf789b96e191c2af3e8a418d48e1d1bbfa1ff28d1df639f0d8cf705
SSDEEP

96:/PmvWTN8vk/3aR6JqP829iMb10NNNNNNNNNlPPlZCbpczNt:hGk/QjkRMpUlZC1m

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2724	2024	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2724	2024	5eef5e4415f16ef04571759c5faa1b81.exe	29
PID 2024 wrote to memory of 2724	2024	5eef5e4415f16ef04571759c5faa1b81.exe	29
PID 2024 wrote to memory of 2724	2024	5eef5e4415f16ef04571759c5faa1b81.exe	29
PID 2024 wrote to memory of 2724	2024	5eef5e4415f16ef04571759c5faa1b81.exe	29

C:\Users\Admin\AppData\Local\Temp\5eef5e4415f16ef04571759c5faa1b81.exe
"C:\Users\Admin\AppData\Local\Temp\5eef5e4415f16ef04571759c5faa1b81.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 564
  2⤵
  - Program crash
  PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-0-0x0000000000810000-0x0000000000818000-memory.dmp

Filesize
32KB

Download
memory/2024-1-0x0000000074C60000-0x000000007534E000-memory.dmp

Filesize
6.9MB

Download
memory/2024-2-0x0000000074C60000-0x000000007534E000-memory.dmp

Filesize
6.9MB

Download