c2527402d391e0145943f58c90806df8efd53ab778ff694922911f25dcf39b54 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:44

Sharing

Report Analysis Logs

General

Target

7da64ed512eb7fbd7864134a4084a9cd.exe
Size

253KB
MD5

7da64ed512eb7fbd7864134a4084a9cd
SHA1

d66a841fc7c0caa9d55636d0a242c538a775b7bd
SHA256

c2527402d391e0145943f58c90806df8efd53ab778ff694922911f25dcf39b54
SHA512

e4363ca1ae1735c2098c4f5930cc3b63d206ab5a0c66388fc5b82097ddf22d6d7abdaea1ed849037bfd68438ac4450bece136dc44ecc935523b8132781bca9d9
SSDEEP

6144:G6OyrK8BHUSioOawXZZZU3Rk1HwkE0kLVGAoBRm:GN4NVQIQw9LmB

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2496	2440	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2496	2440	7da64ed512eb7fbd7864134a4084a9cd.exe	16
PID 2440 wrote to memory of 2496	2440	7da64ed512eb7fbd7864134a4084a9cd.exe	16
PID 2440 wrote to memory of 2496	2440	7da64ed512eb7fbd7864134a4084a9cd.exe	16
PID 2440 wrote to memory of 2496	2440	7da64ed512eb7fbd7864134a4084a9cd.exe	16

C:\Users\Admin\AppData\Local\Temp\7da64ed512eb7fbd7864134a4084a9cd.exe
"C:\Users\Admin\AppData\Local\Temp\7da64ed512eb7fbd7864134a4084a9cd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 152
  2⤵
  - Program crash
  PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2440-0-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download