965b7a5e47bacec22468d0765fa7be3c09b034d24b89e3b60fd96c3dd59359c7 | Triage

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:52

Sharing

Report Analysis Logs

General

Target

615fcc5f3c4db2e6cbb370e9a5bd5db9.exe
Size

7.8MB
MD5

615fcc5f3c4db2e6cbb370e9a5bd5db9
SHA1

c835de159a85df7e2f65d825d983baf38cee82a2
SHA256

965b7a5e47bacec22468d0765fa7be3c09b034d24b89e3b60fd96c3dd59359c7
SHA512

ed0b29be7ae95b4d041062fcf28f2dc496e195441d09e470375c17cb8322548278c97382b6c93abf2102b39e75e25684b8872d413fc0c2c176ee9c4e824c3cff
SSDEEP

196608:tVAVa6HwA707jmsDxa2y5KebMa3AbKh8RWAg+:GaGceKxaXKeb/v63

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2708	2664	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2708	2664	615fcc5f3c4db2e6cbb370e9a5bd5db9.exe	16
PID 2664 wrote to memory of 2708	2664	615fcc5f3c4db2e6cbb370e9a5bd5db9.exe	16
PID 2664 wrote to memory of 2708	2664	615fcc5f3c4db2e6cbb370e9a5bd5db9.exe	16
PID 2664 wrote to memory of 2708	2664	615fcc5f3c4db2e6cbb370e9a5bd5db9.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 36
1⤵
- Program crash
PID:2708

C:\Users\Admin\AppData\Local\Temp\615fcc5f3c4db2e6cbb370e9a5bd5db9.exe
"C:\Users\Admin\AppData\Local\Temp\615fcc5f3c4db2e6cbb370e9a5bd5db9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2664-0-0x00000000011B0000-0x00000000015E4000-memory.dmp

Filesize
4.2MB

Download