5ef1598a22f4f3ad2cadc8ed0779197cff0b470747395cd4e5c4f16110c9cb39 | Triage

Analysis

max time kernel
119s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7b738cb9a61a10ab1fc7041cc6254f3a.exe
Size

92KB
MD5

7b738cb9a61a10ab1fc7041cc6254f3a
SHA1

49c16f17896295f06704f7064b94d328d5a555f9
SHA256

5ef1598a22f4f3ad2cadc8ed0779197cff0b470747395cd4e5c4f16110c9cb39
SHA512

7bb616176dcd3183c6796664c6de74cc633fb4decd0606cad7c0b206025469398376277979e36ffe654bd6c84f6ed010377c155ddafe602cc32a3f846d00ffab
SSDEEP

1536:wVZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApE:AnxwgxgfR/DVG7wBpE

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1040	852	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1040	852	7b738cb9a61a10ab1fc7041cc6254f3a.exe	28
PID 852 wrote to memory of 1040	852	7b738cb9a61a10ab1fc7041cc6254f3a.exe	28
PID 852 wrote to memory of 1040	852	7b738cb9a61a10ab1fc7041cc6254f3a.exe	28
PID 852 wrote to memory of 1040	852	7b738cb9a61a10ab1fc7041cc6254f3a.exe	28

C:\Users\Admin\AppData\Local\Temp\7b738cb9a61a10ab1fc7041cc6254f3a.exe
"C:\Users\Admin\AppData\Local\Temp\7b738cb9a61a10ab1fc7041cc6254f3a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 100
  2⤵
  - Program crash
  PID:1040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/852-0-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/852-1-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download