57d3be5e3c65cb2d72d20778fd71b9259f06eb8b6d72e267bca3413553131a14 | Triage

Analysis

max time kernel
147s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:55

Sharing

Report Analysis Logs

General

Target

07ad743f934a144c3dcf5af40799e70d.exe
Size

128KB
MD5

07ad743f934a144c3dcf5af40799e70d
SHA1

fdba7f8df02825192d34302fac6a693f8dbce3cf
SHA256

57d3be5e3c65cb2d72d20778fd71b9259f06eb8b6d72e267bca3413553131a14
SHA512

c6ebfdf1f993d4cb4c57db27aba98f67b02eca553b392285f814edc6cf1cf47ae249839c28cae485f6b482855dae2a87e0af06049b19e01a902a51ee9e61017e
SSDEEP

3072:hQqRK/MUq0XcrP6O2kPhyaYVmZF32J9Q2KlGNjVYzn:2dFXcT2kYgeLBNjq7

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1140	2116	WerFault.exe	16

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2116	07ad743f934a144c3dcf5af40799e70d.exe
2116	07ad743f934a144c3dcf5af40799e70d.exe
2116	07ad743f934a144c3dcf5af40799e70d.exe
2116	07ad743f934a144c3dcf5af40799e70d.exe

C:\Users\Admin\AppData\Local\Temp\07ad743f934a144c3dcf5af40799e70d.exe
"C:\Users\Admin\AppData\Local\Temp\07ad743f934a144c3dcf5af40799e70d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 244
  2⤵
  - Program crash
  PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2116 -ip 2116
1⤵
PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2116-0-0x0000000000400000-0x0000000000421200-memory.dmp

Filesize
132KB

Download
memory/2116-1-0x0000000000400000-0x0000000000421200-memory.dmp

Filesize
132KB

Download