1aad8bd2f38ffc2ba001bc1a2819c89cd1d48d6b74b1f40bfc5863be8c262289 | Triage

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:47

Sharing

Report Analysis Logs

General

Target

04cf3e24e13dfc16d29ee71bfa34aff9.exe
Size

127KB
MD5

04cf3e24e13dfc16d29ee71bfa34aff9
SHA1

7d2871ef71b5bb062e7679f4ca41a7fae3846a34
SHA256

1aad8bd2f38ffc2ba001bc1a2819c89cd1d48d6b74b1f40bfc5863be8c262289
SHA512

edc87f7850a9a9dd9af169fed5248605a1e9914e8f4700bb6d9ca855b8a9f270e3b4bfd6600ace3d9b59bd322349b0f615e7c8ba11a89bde4c79fa08b60fd24e
SSDEEP

3072:zsoty+25DigTUCTkgqsQ93l21LHP2DqeIP/pNqsQiAMF:zb94rTkkQu0tIX/qs

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
1956	1740	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1956	1740	04cf3e24e13dfc16d29ee71bfa34aff9.exe	14
PID 1740 wrote to memory of 1956	1740	04cf3e24e13dfc16d29ee71bfa34aff9.exe	14
PID 1740 wrote to memory of 1956	1740	04cf3e24e13dfc16d29ee71bfa34aff9.exe	14
PID 1740 wrote to memory of 1956	1740	04cf3e24e13dfc16d29ee71bfa34aff9.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 188
1⤵
- Program crash
PID:1956

C:\Users\Admin\AppData\Local\Temp\04cf3e24e13dfc16d29ee71bfa34aff9.exe
"C:\Users\Admin\AppData\Local\Temp\04cf3e24e13dfc16d29ee71bfa34aff9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-0-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download