e7567d3fa91421fb85f72ba3c3936148b0256cad9c8da0de8ec9352c9b110d78 | Triage

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:52

Sharing

Report Analysis Logs

General

Target

6fe81e251f96f1d1cc9191bd75fb9daa.exe
Size

496KB
MD5

6fe81e251f96f1d1cc9191bd75fb9daa
SHA1

2b6660d0e4f79dcf133107f4e02dc16ae14fb3f7
SHA256

e7567d3fa91421fb85f72ba3c3936148b0256cad9c8da0de8ec9352c9b110d78
SHA512

8f3cc0892d10b8a5b7d08f345fb2d79d6774abb533772cb372283fbc9f072cbf1baa5cf48bb97dcaa10ae53027f125596e30e989e80d5acd45c2f7ef5beaeca0
SSDEEP

12288:o2P+/WaIxYgg4X0qJpnqtef/wpidMF30ZrAhj:ogtdYVgTJpp8P3irAhj

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2952	2080	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2952	2080	6fe81e251f96f1d1cc9191bd75fb9daa.exe	28
PID 2080 wrote to memory of 2952	2080	6fe81e251f96f1d1cc9191bd75fb9daa.exe	28
PID 2080 wrote to memory of 2952	2080	6fe81e251f96f1d1cc9191bd75fb9daa.exe	28
PID 2080 wrote to memory of 2952	2080	6fe81e251f96f1d1cc9191bd75fb9daa.exe	28

C:\Users\Admin\AppData\Local\Temp\6fe81e251f96f1d1cc9191bd75fb9daa.exe
"C:\Users\Admin\AppData\Local\Temp\6fe81e251f96f1d1cc9191bd75fb9daa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 36
  2⤵
  - Program crash
  PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads