36b114f019d94d663cdb01b3a5362ef455988560da01eeeb6ac557c6ae3df5b8 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:30

Sharing

Report Analysis Logs

General

Target

06fb38b2a6caf25ca05526e04d78e16f.exe
Size

1.0MB
MD5

06fb38b2a6caf25ca05526e04d78e16f
SHA1

395bf833bcd4a6b0baad95b9e9266ce56112aad9
SHA256

36b114f019d94d663cdb01b3a5362ef455988560da01eeeb6ac557c6ae3df5b8
SHA512

accef07c4366e944019ab4bac546550ccce98bf1ed65ee6d4836c0cd531c0bce5f894e609254c5c2ff1102ee4dd0ba9992f17219b69b1a610fa45ec8500cfd2b
SSDEEP

24576:BiM5uIshBc6ReEJwdQx5L9MFy75C7HMIPg8oUvl:Puj06wdU9MZMmtt

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2700	2800	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2700	2800	06fb38b2a6caf25ca05526e04d78e16f.exe	29
PID 2800 wrote to memory of 2700	2800	06fb38b2a6caf25ca05526e04d78e16f.exe	29
PID 2800 wrote to memory of 2700	2800	06fb38b2a6caf25ca05526e04d78e16f.exe	29
PID 2800 wrote to memory of 2700	2800	06fb38b2a6caf25ca05526e04d78e16f.exe	29

C:\Users\Admin\AppData\Local\Temp\06fb38b2a6caf25ca05526e04d78e16f.exe
"C:\Users\Admin\AppData\Local\Temp\06fb38b2a6caf25ca05526e04d78e16f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 208
  2⤵
  - Program crash
  PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2800-0-0x0000000001000000-0x000000000110F000-memory.dmp

Filesize
1.1MB

Download