8f72cca645961f3b7ed5c0181872e4d9761afc671337155efe7688b5f17c5804 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5f0f7fb80093bc44a2cae8590963663a.exe
Size

100KB
MD5

5f0f7fb80093bc44a2cae8590963663a
SHA1

87ae938fc058485583d0586abcca69f3f3499f12
SHA256

8f72cca645961f3b7ed5c0181872e4d9761afc671337155efe7688b5f17c5804
SHA512

0006de38c3594817a3009170f714acbd9c525ecda4d9331a15d5ed733f8b0007384ff996093b7c94931d5e268f044a509cb75d685b8105e9385606a03ed22e91
SSDEEP

3072:ZM7p9DRvYrkkms4NlZgkertL+4MOqtPprY:y7ppRvYAgEpEy4MOqNW

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2720	2316	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2720	2316	5f0f7fb80093bc44a2cae8590963663a.exe	14
PID 2316 wrote to memory of 2720	2316	5f0f7fb80093bc44a2cae8590963663a.exe	14
PID 2316 wrote to memory of 2720	2316	5f0f7fb80093bc44a2cae8590963663a.exe	14
PID 2316 wrote to memory of 2720	2316	5f0f7fb80093bc44a2cae8590963663a.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 136
1⤵
- Program crash
PID:2720

C:\Users\Admin\AppData\Local\Temp\5f0f7fb80093bc44a2cae8590963663a.exe
"C:\Users\Admin\AppData\Local\Temp\5f0f7fb80093bc44a2cae8590963663a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2316-1-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2316-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download