59c5ece533e5e101432755dc863a45c4b4c74da6e728a49a15c1daeb137d0961 | Triage

Analysis

max time kernel
122s
max time network
163s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:38

Sharing

Report Analysis Logs

General

Target

01ff1aef0f6ac3050635c1e385f79b43.exe
Size

50KB
MD5

01ff1aef0f6ac3050635c1e385f79b43
SHA1

1b8b4645394d1948d7619ff465a9cca3661847c8
SHA256

59c5ece533e5e101432755dc863a45c4b4c74da6e728a49a15c1daeb137d0961
SHA512

c79d373ae93cc10191706f33430f84bd22daa917374fd07fa134f74e38346277d25d53c15976b9727614709aee40db18d7c6466f8bd6937ad9832d0c7a864db8
SSDEEP

768:z0hU2nwiL8+KITMwdOfXeiDyAMTDT/Sm:B2wUnKkoX/ydf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2668	2788	WerFault.exe	7

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2788	01ff1aef0f6ac3050635c1e385f79b43.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2668	2788	01ff1aef0f6ac3050635c1e385f79b43.exe	29
PID 2788 wrote to memory of 2668	2788	01ff1aef0f6ac3050635c1e385f79b43.exe	29
PID 2788 wrote to memory of 2668	2788	01ff1aef0f6ac3050635c1e385f79b43.exe	29
PID 2788 wrote to memory of 2668	2788	01ff1aef0f6ac3050635c1e385f79b43.exe	29

C:\Users\Admin\AppData\Local\Temp\01ff1aef0f6ac3050635c1e385f79b43.exe
"C:\Users\Admin\AppData\Local\Temp\01ff1aef0f6ac3050635c1e385f79b43.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 212
  2⤵
  - Program crash
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads