c0071ae2cebf286a8e6bc622cb81b1511939b2b268a0f838c0aba373568223f4 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 21:19

Sharing

Report Analysis Logs

General

Target

f8df9cadf3cfd31cdf5f4f1bd1db7a5d.exe
Size

1.3MB
MD5

f8df9cadf3cfd31cdf5f4f1bd1db7a5d
SHA1

528633e1294913f5eddb4195a0a20c2cccba3d06
SHA256

c0071ae2cebf286a8e6bc622cb81b1511939b2b268a0f838c0aba373568223f4
SHA512

2419d6519aaf990f9fe1d37c78e3cf75bbe65d5cc64ccf03cb7b3b394db5d5bd44fb4784ecc1551e56574554679825b9bbcd9475e98411757361364c49f2fc6c
SSDEEP

24576:E0x1QcyghdbSwHGMn0WEDJ5oUbuM1PWkXzxM:nx+cyUgwRn01dyUbuMAkjxM

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2804	2460	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2804	2460	f8df9cadf3cfd31cdf5f4f1bd1db7a5d.exe	28
PID 2460 wrote to memory of 2804	2460	f8df9cadf3cfd31cdf5f4f1bd1db7a5d.exe	28
PID 2460 wrote to memory of 2804	2460	f8df9cadf3cfd31cdf5f4f1bd1db7a5d.exe	28
PID 2460 wrote to memory of 2804	2460	f8df9cadf3cfd31cdf5f4f1bd1db7a5d.exe	28

C:\Users\Admin\AppData\Local\Temp\f8df9cadf3cfd31cdf5f4f1bd1db7a5d.exe
"C:\Users\Admin\AppData\Local\Temp\f8df9cadf3cfd31cdf5f4f1bd1db7a5d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 36
  2⤵
  - Program crash
  PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads