64f21b57260712072019612f6840e1a800a6b883cfa34bc4576d084185f58e88 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:58 UTC

Sharing

Report Analysis Logs

General

Target

6583d6862d8a8c829993543c4465c20e.exe
Size

99KB
MD5

6583d6862d8a8c829993543c4465c20e
SHA1

3c53d9b179c82150b64f996d9f3afec830485ea2
SHA256

64f21b57260712072019612f6840e1a800a6b883cfa34bc4576d084185f58e88
SHA512

e10bc63b230d822e08a5ef6be101fa03bb5dda31b1ae6cbe76d28e7007fc186edd4878c41821c53b7304bfbb3af9bcc1775f59d26249a2eaa64f6d11b76df318
SSDEEP

384:K3wIA7Gj/E6nnP9TDWsKAkk/fG8+lmQP+0JSfgyz:MwIA7QLtDUAdnemQVSfg

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2060	2184	WerFault.exe	1

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2060	2184	6583d6862d8a8c829993543c4465c20e.exe	16
PID 2184 wrote to memory of 2060	2184	6583d6862d8a8c829993543c4465c20e.exe	16
PID 2184 wrote to memory of 2060	2184	6583d6862d8a8c829993543c4465c20e.exe	16
PID 2184 wrote to memory of 2060	2184	6583d6862d8a8c829993543c4465c20e.exe	16
PID 2184 wrote to memory of 2060	2184	6583d6862d8a8c829993543c4465c20e.exe	16
PID 2184 wrote to memory of 2060	2184	6583d6862d8a8c829993543c4465c20e.exe	16
PID 2184 wrote to memory of 2060	2184	6583d6862d8a8c829993543c4465c20e.exe	16

C:\Users\Admin\AppData\Local\Temp\6583d6862d8a8c829993543c4465c20e.exe
"C:\Users\Admin\AppData\Local\Temp\6583d6862d8a8c829993543c4465c20e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 320
  2⤵
  - Program crash
  PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2184-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2184-3-0x0000000000020000-0x000000000002A000-memory.dmp

Filesize
40KB

Download
memory/2184-2-0x0000000000020000-0x000000000002A000-memory.dmp

Filesize
40KB

Download
memory/2184-1-0x0000000000020000-0x000000000002A000-memory.dmp

Filesize
40KB

Download