a968e0672e7f7cacdaac0837a866f8f8922726803cf9d3172210080816a90cc8 | Triage

Analysis

max time kernel
178s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 20:28

Sharing

Report Analysis Logs

General

Target

03218d3904f29ec4bc0380b92e734f15.exe
Size

364KB
MD5

03218d3904f29ec4bc0380b92e734f15
SHA1

a1d3889fa5acbdeedfed7a405ba74a7f8131cf65
SHA256

a968e0672e7f7cacdaac0837a866f8f8922726803cf9d3172210080816a90cc8
SHA512

6a42f54798533d5bbb843f777333b5e6b3106ae8a04df201adc045c439479c0aba773661cbfdbbeeef56116becfe1499b3243218c427f84464723440cd5ee59b
SSDEEP

6144:n/YF/EVEgWl7iNmXmuIcFrrz9QJG0tUDD2T:n/wEVVQ28XmuIctrz9MG0232

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2652	1120	WerFault.exe	87
2712	1120	WerFault.exe	87

C:\Users\Admin\AppData\Local\Temp\03218d3904f29ec4bc0380b92e734f15.exe
"C:\Users\Admin\AppData\Local\Temp\03218d3904f29ec4bc0380b92e734f15.exe"
1⤵
PID:1120
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 572
  2⤵
  - Program crash
  PID:2652
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 572
  2⤵
  - Program crash
  PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1120 -ip 1120
1⤵
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1120 -ip 1120
1⤵
PID:3776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1120-3-0x0000000000760000-0x0000000000860000-memory.dmp

Filesize
1024KB

Download
memory/1120-4-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download