58921fe4709d15cea632553203ebdca9d15361d516d9c88a9da49f37fb7131ab | Triage

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:40

Sharing

Report Analysis Logs

General

Target

fa0feeca670877fce8934b107feb41e0.exe
Size

55KB
MD5

fa0feeca670877fce8934b107feb41e0
SHA1

54d3d94d8833f63dadff33d5ee968fb42e6971c2
SHA256

58921fe4709d15cea632553203ebdca9d15361d516d9c88a9da49f37fb7131ab
SHA512

a0644140cabf0ee216f36e2cd12816accf411d050c70680ecd45c99b9284eda16698a058974dac08e8bb780c16ac2b92076fea457602cb890593cd5f2f37d304
SSDEEP

1536:1ft4Pi/atTZn2yeCqGjqc7pdkVjbDdFau:71/adZvNqgH7p4jbWu

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2536	2444	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2536	2444	fa0feeca670877fce8934b107feb41e0.exe	14
PID 2444 wrote to memory of 2536	2444	fa0feeca670877fce8934b107feb41e0.exe	14
PID 2444 wrote to memory of 2536	2444	fa0feeca670877fce8934b107feb41e0.exe	14
PID 2444 wrote to memory of 2536	2444	fa0feeca670877fce8934b107feb41e0.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 140
1⤵
- Program crash
PID:2536

C:\Users\Admin\AppData\Local\Temp\fa0feeca670877fce8934b107feb41e0.exe
"C:\Users\Admin\AppData\Local\Temp\fa0feeca670877fce8934b107feb41e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2444-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download