4d733c4d745648f84f8297db56621f0e463f8f830e53c8a875bc560c609168bc | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:44

Sharing

Report Analysis Logs

General

Target

05fe660a4accc522b6e31e72d0566c6f.exe
Size

13KB
MD5

05fe660a4accc522b6e31e72d0566c6f
SHA1

76d0e3aee2af89c70ecf77ceaf577170890df95c
SHA256

4d733c4d745648f84f8297db56621f0e463f8f830e53c8a875bc560c609168bc
SHA512

672243896a83d98bf96c660a54614ed8526bec5e79dd40057baa6f6c5dbc074107b4fbc76e9e657c87573cb210690f3665ecca7bd27e8ab0503cf6b0281d14de
SSDEEP

192:1vt7gcrSOtdFc4C+KMVVqW6ZVzNH204PAWJmgtmm:p9hm4C+IvKSgv

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2252	1772	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2252	1772	05fe660a4accc522b6e31e72d0566c6f.exe	16
PID 1772 wrote to memory of 2252	1772	05fe660a4accc522b6e31e72d0566c6f.exe	16
PID 1772 wrote to memory of 2252	1772	05fe660a4accc522b6e31e72d0566c6f.exe	16
PID 1772 wrote to memory of 2252	1772	05fe660a4accc522b6e31e72d0566c6f.exe	16

C:\Users\Admin\AppData\Local\Temp\05fe660a4accc522b6e31e72d0566c6f.exe
"C:\Users\Admin\AppData\Local\Temp\05fe660a4accc522b6e31e72d0566c6f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 100
  2⤵
  - Program crash
  PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1772-0-0x0000000000310000-0x0000000000351000-memory.dmp

Filesize
260KB

Download