2ef7d7d54934e105d5f842326983799ae7f1fc304b1a87c6b306bd58b91c1b4c | Triage

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:25

Sharing

Report Analysis Logs

General

Target

01a7d23c652d17cbd8f0db7e02bdb78c.exe
Size

32KB
MD5

01a7d23c652d17cbd8f0db7e02bdb78c
SHA1

80b187a1c6a97ae62a4d98b3f03b4a08b5fc221b
SHA256

2ef7d7d54934e105d5f842326983799ae7f1fc304b1a87c6b306bd58b91c1b4c
SHA512

09fe0759b0626c3f181d001e18eef48428d9036174dbb9cfc50b3714a25665ba313f1b25b3ba57cfb1d53636c84b812c9769d1b1f01e525f3893e5c1318520d5
SSDEEP

384:aqTqIWiNAZ7wDp/uc5dUygU4f8LDnQTXW79peWcdt:auXRXD4cHUZYD8G

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2540	1748	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 2540	1748	01a7d23c652d17cbd8f0db7e02bdb78c.exe	14
PID 1748 wrote to memory of 2540	1748	01a7d23c652d17cbd8f0db7e02bdb78c.exe	14
PID 1748 wrote to memory of 2540	1748	01a7d23c652d17cbd8f0db7e02bdb78c.exe	14
PID 1748 wrote to memory of 2540	1748	01a7d23c652d17cbd8f0db7e02bdb78c.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 48
1⤵
- Program crash
PID:2540

C:\Users\Admin\AppData\Local\Temp\01a7d23c652d17cbd8f0db7e02bdb78c.exe
"C:\Users\Admin\AppData\Local\Temp\01a7d23c652d17cbd8f0db7e02bdb78c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1748-1-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download