556abd3cb6c575aab4df4636f8e1037d0e4ef844a1fd98024bde4cc56ba6b05d | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 13:19

Sharing

Report Analysis Logs

General

Target

71bf05713689f744abcec2018d937fbf.exe
Size

295KB
MD5

71bf05713689f744abcec2018d937fbf
SHA1

b0314167ba1093ee264a00711fb17728b47fd3c4
SHA256

556abd3cb6c575aab4df4636f8e1037d0e4ef844a1fd98024bde4cc56ba6b05d
SHA512

c6d938234928a9784a82235ae6ebe1a60054e43ff73a00eb3b93040c49a6cc6a1693586f8096d584a59d46392ec87a8310f35ceec91e45733167775a443c4d7f
SSDEEP

6144:Y2dMQRbR0FZXpqN+zUdVkwKL3f1n5Yws0gY:uQR2HadVmL3tKwaY

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2952	2888	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2952	2888	71bf05713689f744abcec2018d937fbf.exe	14
PID 2888 wrote to memory of 2952	2888	71bf05713689f744abcec2018d937fbf.exe	14
PID 2888 wrote to memory of 2952	2888	71bf05713689f744abcec2018d937fbf.exe	14
PID 2888 wrote to memory of 2952	2888	71bf05713689f744abcec2018d937fbf.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 128
1⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\71bf05713689f744abcec2018d937fbf.exe
"C:\Users\Admin\AppData\Local\Temp\71bf05713689f744abcec2018d937fbf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2888-0-0x000000002F6B0000-0x000000002F6D7000-memory.dmp

Filesize
156KB

Download
memory/2888-1-0x000000002F6B0000-0x000000002F6D7000-memory.dmp

Filesize
156KB

Download