b0f58ea6865653e3a2e25242911f06559bbb7a3864fdc6e4a08cbc9f575b8479 | Triage

Analysis

max time kernel
162s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 15:11

Sharing

Report Analysis Logs

General

Target

780e31c4e0a749dde60d9ab6a3ef534d.exe
Size

99KB
MD5

780e31c4e0a749dde60d9ab6a3ef534d
SHA1

14ee927d2ce706a71cfc92977abcbbc41d7f3769
SHA256

b0f58ea6865653e3a2e25242911f06559bbb7a3864fdc6e4a08cbc9f575b8479
SHA512

7d88a8e8c62a47c31743e01e3d5cddf41860e1a3826e234d9ecc970b7feb5882eb68692a421bedace34a52f70746ffe6b84c076606080df15cf17b3f5ea45af5
SSDEEP

3072:ke55xzUF4oNzCogqxdwiacjy9nF5YKiUXRq7:F7xUFbWiyZ/h

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2712	2240	WerFault.exe	19

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2240	780e31c4e0a749dde60d9ab6a3ef534d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2712	2240	780e31c4e0a749dde60d9ab6a3ef534d.exe	27
PID 2240 wrote to memory of 2712	2240	780e31c4e0a749dde60d9ab6a3ef534d.exe	27
PID 2240 wrote to memory of 2712	2240	780e31c4e0a749dde60d9ab6a3ef534d.exe	27
PID 2240 wrote to memory of 2712	2240	780e31c4e0a749dde60d9ab6a3ef534d.exe	27

C:\Users\Admin\AppData\Local\Temp\780e31c4e0a749dde60d9ab6a3ef534d.exe
"C:\Users\Admin\AppData\Local\Temp\780e31c4e0a749dde60d9ab6a3ef534d.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 568
  2⤵
  - Program crash
  PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2240-0-0x0000000000220000-0x000000000023D000-memory.dmp

Filesize
116KB

Download
memory/2240-1-0x0000000000220000-0x000000000023D000-memory.dmp

Filesize
116KB

Download
memory/2240-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download