c567d2a52b9e4b778fa77f30819532f0651d7a2b89496d566c30f8e2d7600d30 | Triage

Analysis

max time kernel
140s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:58

Sharing

Report Analysis Logs

General

Target

0114cb7273d6df0573e28bd87aa0274f.exe
Size

65KB
MD5

0114cb7273d6df0573e28bd87aa0274f
SHA1

388ba78eae9cfdc45399b3a2de656dcd7e06adfd
SHA256

c567d2a52b9e4b778fa77f30819532f0651d7a2b89496d566c30f8e2d7600d30
SHA512

b7a3392582768e78a68faf871a8dfd2053ac48c4be0799c56922ced86cca80db62cdbe12854c1a8105b32c87f9d100c11315c986a500b5dba92e37ff35e3cb79
SSDEEP

1536:FE0RVxzRVxhXHvwuZfFse+fPui7qX25kRVxDRVxUCpekc:6U4gtseeuimpn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2376	1728	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2376	1728	0114cb7273d6df0573e28bd87aa0274f.exe	16
PID 1728 wrote to memory of 2376	1728	0114cb7273d6df0573e28bd87aa0274f.exe	16
PID 1728 wrote to memory of 2376	1728	0114cb7273d6df0573e28bd87aa0274f.exe	16
PID 1728 wrote to memory of 2376	1728	0114cb7273d6df0573e28bd87aa0274f.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 44
1⤵
- Program crash
PID:2376

C:\Users\Admin\AppData\Local\Temp\0114cb7273d6df0573e28bd87aa0274f.exe
"C:\Users\Admin\AppData\Local\Temp\0114cb7273d6df0573e28bd87aa0274f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download