a458ebab9dda55b96012efad9254a73f262b49d0e56549a10bbdd79c3eab7fe8 | Triage

Analysis

max time kernel
121s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:58

Sharing

Report Analysis Logs

General

Target

fb13d646fb7231620677810c34294ee2.exe
Size

304KB
MD5

fb13d646fb7231620677810c34294ee2
SHA1

84e0556bfcc3c40cfe1e9ead183a8048e0ca19f6
SHA256

a458ebab9dda55b96012efad9254a73f262b49d0e56549a10bbdd79c3eab7fe8
SHA512

2bb71ae153b5148b00293d8d7baa987acddb90da70754582be5c990db27880a699ea6b2ac19275ab51c26f5f8b68c20d90c212f000be6c007c7cf85fa67efde5
SSDEEP

6144:FsatEt/FdCB1eUf8TVCxQorM6jMRsmI50Rfm:nEt/FdCB1eUf8CxQoXj9T++

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
852	2224	WerFault.exe	23

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 852	2224	fb13d646fb7231620677810c34294ee2.exe	28
PID 2224 wrote to memory of 852	2224	fb13d646fb7231620677810c34294ee2.exe	28
PID 2224 wrote to memory of 852	2224	fb13d646fb7231620677810c34294ee2.exe	28
PID 2224 wrote to memory of 852	2224	fb13d646fb7231620677810c34294ee2.exe	28

C:\Users\Admin\AppData\Local\Temp\fb13d646fb7231620677810c34294ee2.exe
"C:\Users\Admin\AppData\Local\Temp\fb13d646fb7231620677810c34294ee2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 148
  2⤵
  - Program crash
  PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads