79f64b68a3ed4b08b03e8aa83b71603a2d75289948378fb80f8d11e7f88ac887 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:49

Sharing

Report Analysis Logs

General

Target

64f3a6d029c806371c2a4f34c9a72eb7.exe
Size

88KB
MD5

64f3a6d029c806371c2a4f34c9a72eb7
SHA1

8018f72a14f57e3f36fe983c7ba9b8a61769812e
SHA256

79f64b68a3ed4b08b03e8aa83b71603a2d75289948378fb80f8d11e7f88ac887
SHA512

5516017eedd29534c22f23db289d94b7fc9f4d9db9dc0b3f9223b7f5568b2405d0e9923b2bc9d39a5389ffce894d528e963d11b2e458bc416bbbeb9e1c6e24d1
SSDEEP

1536:AoQIKo6iHk1t7qaeJdb3rydGs+af7f6QEiRvbl9lh:ANIKUytWaKb33glbl1

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
1808	1248	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1808	1248	64f3a6d029c806371c2a4f34c9a72eb7.exe	16
PID 1248 wrote to memory of 1808	1248	64f3a6d029c806371c2a4f34c9a72eb7.exe	16
PID 1248 wrote to memory of 1808	1248	64f3a6d029c806371c2a4f34c9a72eb7.exe	16
PID 1248 wrote to memory of 1808	1248	64f3a6d029c806371c2a4f34c9a72eb7.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 88
1⤵
- Program crash
PID:1808

C:\Users\Admin\AppData\Local\Temp\64f3a6d029c806371c2a4f34c9a72eb7.exe
"C:\Users\Admin\AppData\Local\Temp\64f3a6d029c806371c2a4f34c9a72eb7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads