f28ca9dd4b02a2e07a6f9871c1d9ff884418959a01e85fc844a8a52f5e1e92ac | Triage

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:17

Sharing

Report Analysis Logs

General

Target

056ad5ac7b8ae84f118bd240cc272739.exe
Size

8KB
MD5

056ad5ac7b8ae84f118bd240cc272739
SHA1

3a820c3274111454d959dc9d2c2700fd87204e16
SHA256

f28ca9dd4b02a2e07a6f9871c1d9ff884418959a01e85fc844a8a52f5e1e92ac
SHA512

7b23882bbd16c4e2ed85001b7591b277349bae86763a14a7f6d692c97375ffb37346c7d64c9ed740fa69b4a1345e2ee5668e9ad3c5dc1a855450afb70aa0b836
SSDEEP

192:fMG3Zl2aVAfNxl1THsaxgzgeBGjPnL76rnQAzX:fMGeNxDTH/aB2I

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2000	2032	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2000	2032	056ad5ac7b8ae84f118bd240cc272739.exe	28
PID 2032 wrote to memory of 2000	2032	056ad5ac7b8ae84f118bd240cc272739.exe	28
PID 2032 wrote to memory of 2000	2032	056ad5ac7b8ae84f118bd240cc272739.exe	28
PID 2032 wrote to memory of 2000	2032	056ad5ac7b8ae84f118bd240cc272739.exe	28

C:\Users\Admin\AppData\Local\Temp\056ad5ac7b8ae84f118bd240cc272739.exe
"C:\Users\Admin\AppData\Local\Temp\056ad5ac7b8ae84f118bd240cc272739.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 36
  2⤵
  - Program crash
  PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-0-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download