49bbb5187b1ba35c9b1b3b18a8dc254b5ad10a5acb3d93fac6475f7dcc8bc4ae | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 11:27

Sharing

Report Analysis Logs

General

Target

6ab4762cee0e739e1d6b7f58b5bc9842.exe
Size

548KB
MD5

6ab4762cee0e739e1d6b7f58b5bc9842
SHA1

1c79bdb346efc986e080ec84defb3f4989c661cb
SHA256

49bbb5187b1ba35c9b1b3b18a8dc254b5ad10a5acb3d93fac6475f7dcc8bc4ae
SHA512

bfab3d0a1d1a18ebee625f8319a6db045d8d63f9057429d75b2af2c3f52d25e2fd9c62dceb173ff67d344a14cce78be12d512307d2a25bd8cfe34a2263fcebcc
SSDEEP

12288:fcUMrnatdIKCHbm/vNeDuUl8btYLPsfEHlWs9ap:fIndwV5x+kclEp

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2272	2512	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2272	2512	6ab4762cee0e739e1d6b7f58b5bc9842.exe	15
PID 2512 wrote to memory of 2272	2512	6ab4762cee0e739e1d6b7f58b5bc9842.exe	15
PID 2512 wrote to memory of 2272	2512	6ab4762cee0e739e1d6b7f58b5bc9842.exe	15
PID 2512 wrote to memory of 2272	2512	6ab4762cee0e739e1d6b7f58b5bc9842.exe	15

C:\Users\Admin\AppData\Local\Temp\6ab4762cee0e739e1d6b7f58b5bc9842.exe
"C:\Users\Admin\AppData\Local\Temp\6ab4762cee0e739e1d6b7f58b5bc9842.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 144
  2⤵
  - Program crash
  PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2512-0-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/2512-1-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download