e7ccff00c8e799a85090a1f7a1556021cd4dda9f39774d988075aa2e45b48054 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fa19deda575b6fb9bf71c88803a25116.exe
Size

25KB
MD5

fa19deda575b6fb9bf71c88803a25116
SHA1

412906d4ff54c9c78146afd8722dcc9c3ad4a06a
SHA256

e7ccff00c8e799a85090a1f7a1556021cd4dda9f39774d988075aa2e45b48054
SHA512

3acada775b4b6f0849b11d01d346fc0af030f025207e9e92b3ca57ea3c415d0e204f133b0b210595ff51f77b36046ef4cda4420173509b6834bebd4b0e2e18c1
SSDEEP

768:1N+bPdeTYI1Xza9DcMjfQcnvRBFoBalk:z+bPdvI1XzIDcaQcv3Vlk

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
756	2544	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 756	2544	fa19deda575b6fb9bf71c88803a25116.exe	15
PID 2544 wrote to memory of 756	2544	fa19deda575b6fb9bf71c88803a25116.exe	15
PID 2544 wrote to memory of 756	2544	fa19deda575b6fb9bf71c88803a25116.exe	15
PID 2544 wrote to memory of 756	2544	fa19deda575b6fb9bf71c88803a25116.exe	15

C:\Users\Admin\AppData\Local\Temp\fa19deda575b6fb9bf71c88803a25116.exe
"C:\Users\Admin\AppData\Local\Temp\fa19deda575b6fb9bf71c88803a25116.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 48
  2⤵
  - Program crash
  PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads