320b634378ecbb0971d2f6a0c3cd27713ffdc2ebfd44deee9eb7b394af041508 | Triage

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:22

Sharing

Report Analysis Logs

General

Target

0583039bc8a979a627a5e4ff8cbc5237.exe
Size

106KB
MD5

0583039bc8a979a627a5e4ff8cbc5237
SHA1

f09a8d363fafc9ab111c2c3c2e874c16fd89ae61
SHA256

320b634378ecbb0971d2f6a0c3cd27713ffdc2ebfd44deee9eb7b394af041508
SHA512

c6206eeb9c911e5f2fc3bab4b7eac3b81ea61b610cdfbfd44c71b47f0b53183ae763cc10263c5afa64930a3ad40ba00ab215834f1ed95d3256591cc7e21ca9d9
SSDEEP

3072:4WIziPAQKqPV0b1va/I2YCGBejYRi77gAbbd:4ZyZdmlp2TGEjGi77gA3d

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3064	3016	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 3064	3016	0583039bc8a979a627a5e4ff8cbc5237.exe	28
PID 3016 wrote to memory of 3064	3016	0583039bc8a979a627a5e4ff8cbc5237.exe	28
PID 3016 wrote to memory of 3064	3016	0583039bc8a979a627a5e4ff8cbc5237.exe	28
PID 3016 wrote to memory of 3064	3016	0583039bc8a979a627a5e4ff8cbc5237.exe	28

C:\Users\Admin\AppData\Local\Temp\0583039bc8a979a627a5e4ff8cbc5237.exe
"C:\Users\Admin\AppData\Local\Temp\0583039bc8a979a627a5e4ff8cbc5237.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 36
  2⤵
  - Program crash
  PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3016-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3016-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download