6b9acf2cb17f7939afe7fe92f1c6444f5808f809181efa0f9fdbf6a4c0f41cf5 | Triage

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:37

Sharing

Report Analysis Logs

General

Target

0728fda1a341216ebb06c23129969b95.exe
Size

27KB
MD5

0728fda1a341216ebb06c23129969b95
SHA1

1b8928c7431bf89d4b8aefd4d02459b75d3d152c
SHA256

6b9acf2cb17f7939afe7fe92f1c6444f5808f809181efa0f9fdbf6a4c0f41cf5
SHA512

0689e9a34d0d9afab14392f567153dca30673908ddb1e22c7754f343484b9ba43191d5aee55bd7a9ea507eb5592f5b9b916ef4fc76a9c6f16b9cfa107063e396
SSDEEP

768:Tl2Km2qrQT2GaWdQWMvn0kgVfcvFIjswVYz8R:EKZqrQeHWfjfcvF3wVYz

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2428	2916	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2428	2916	0728fda1a341216ebb06c23129969b95.exe	28
PID 2916 wrote to memory of 2428	2916	0728fda1a341216ebb06c23129969b95.exe	28
PID 2916 wrote to memory of 2428	2916	0728fda1a341216ebb06c23129969b95.exe	28
PID 2916 wrote to memory of 2428	2916	0728fda1a341216ebb06c23129969b95.exe	28

C:\Users\Admin\AppData\Local\Temp\0728fda1a341216ebb06c23129969b95.exe
"C:\Users\Admin\AppData\Local\Temp\0728fda1a341216ebb06c23129969b95.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 120
  2⤵
  - Program crash
  PID:2428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2916-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download