900108b8197ef691cd780115da12b004104ae009a1c5372f7792cdba6ab9bc3c | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 18:36

Sharing

Report Analysis Logs

General

Target

00a5d012e838926106155cfadf8e4b86.exe
Size

64KB
MD5

00a5d012e838926106155cfadf8e4b86
SHA1

ad571e68efb30fbcbe8d4b46dc4c0b2bf7ef43ca
SHA256

900108b8197ef691cd780115da12b004104ae009a1c5372f7792cdba6ab9bc3c
SHA512

6495b545dc3debd786639baf0d69a2323aaf83d3006845911e118e752d6aee6fd98d41dd30758c689e07952353cce3d5d067c8c7a47ee8997657b5e20e8bfdf6
SSDEEP

1536:eZWKJJMguNNdxzHni3gkyAop4NGDqjL10rQ+0:eZWKJKVNdxDrkyAopCGmyq

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1208	2356	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 1208	2356	00a5d012e838926106155cfadf8e4b86.exe	28
PID 2356 wrote to memory of 1208	2356	00a5d012e838926106155cfadf8e4b86.exe	28
PID 2356 wrote to memory of 1208	2356	00a5d012e838926106155cfadf8e4b86.exe	28
PID 2356 wrote to memory of 1208	2356	00a5d012e838926106155cfadf8e4b86.exe	28

C:\Users\Admin\AppData\Local\Temp\00a5d012e838926106155cfadf8e4b86.exe
"C:\Users\Admin\AppData\Local\Temp\00a5d012e838926106155cfadf8e4b86.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 36
  2⤵
  - Program crash
  PID:1208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2356-0-0x00000000010D0000-0x00000000010F8000-memory.dmp

Filesize
160KB

Download