41a5353201641d74167a1431b5cf84d2873557c5895eab9a48e60b24439443e6 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 22:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fc892a3363b4c60f5c384b5372197e75.exe
Size

208KB
MD5

fc892a3363b4c60f5c384b5372197e75
SHA1

09f7ea7a33618780412e26c6a77123aa4b60ce1a
SHA256

41a5353201641d74167a1431b5cf84d2873557c5895eab9a48e60b24439443e6
SHA512

0d182a01450a758bbdc27d0525b5a4d48b21c7cdba1dd485abac017b1e0c607a3a68ea21ce78f00a9be92094e358749abe2fd8dcc8ba53d6fc8240d755352bd2
SSDEEP

3072:BVHg6c4xGvbwcU9KQ2BBAHmaPxlVoCb5E:06c4xGxWKQ2Bonx

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2096	2080	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2096	2080	fc892a3363b4c60f5c384b5372197e75.exe	28
PID 2080 wrote to memory of 2096	2080	fc892a3363b4c60f5c384b5372197e75.exe	28
PID 2080 wrote to memory of 2096	2080	fc892a3363b4c60f5c384b5372197e75.exe	28
PID 2080 wrote to memory of 2096	2080	fc892a3363b4c60f5c384b5372197e75.exe	28

C:\Users\Admin\AppData\Local\Temp\fc892a3363b4c60f5c384b5372197e75.exe
"C:\Users\Admin\AppData\Local\Temp\fc892a3363b4c60f5c384b5372197e75.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 124
  2⤵
  - Program crash
  PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2080-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download