bdf81dd9d4b2a58c8d4bf5aaea637041beca19a30b99017cd640f6d32339d871 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 22:12

Sharing

Report Analysis Logs

General

Target

fbe6048b7aead2c2fe28933895aaaeaa.exe
Size

4KB
MD5

fbe6048b7aead2c2fe28933895aaaeaa
SHA1

c11fe553dd74c0a0deb1e8c4422b23cfffdc40b0
SHA256

bdf81dd9d4b2a58c8d4bf5aaea637041beca19a30b99017cd640f6d32339d871
SHA512

83079d0967b50ee0526b2ff81b75369a80f76001ced35a7231e22c611ff5d0f52635d277f583c4a1a40d8e8f09f33aaa77f82c951ebb1ce5736a870864dcaf62

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1600	2008	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1600	2008	fbe6048b7aead2c2fe28933895aaaeaa.exe	28
PID 2008 wrote to memory of 1600	2008	fbe6048b7aead2c2fe28933895aaaeaa.exe	28
PID 2008 wrote to memory of 1600	2008	fbe6048b7aead2c2fe28933895aaaeaa.exe	28
PID 2008 wrote to memory of 1600	2008	fbe6048b7aead2c2fe28933895aaaeaa.exe	28

C:\Users\Admin\AppData\Local\Temp\fbe6048b7aead2c2fe28933895aaaeaa.exe
"C:\Users\Admin\AppData\Local\Temp\fbe6048b7aead2c2fe28933895aaaeaa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 552
  2⤵
  - Program crash
  PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2008-0-0x0000000000ED0000-0x0000000000ED8000-memory.dmp

Filesize
32KB

Download
memory/2008-1-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download
memory/2008-2-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download