6cf5d7bd345d501fc42187b0f7a29a22dcfff385e357f13fe4e932bd64f35ede | Triage

Analysis

max time kernel
117s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

02388e0eb25b2ac89b1ace5c8efbfb26.exe
Size

3KB
MD5

02388e0eb25b2ac89b1ace5c8efbfb26
SHA1

e2cf96e457a7d21433abeac2cc05ade5ba961896
SHA256

6cf5d7bd345d501fc42187b0f7a29a22dcfff385e357f13fe4e932bd64f35ede
SHA512

bdab57efc0912789832b20700d33aaa97b17e99fd5f7ce6fc83b6c2e32dd756b6e920398fc0a67b49663775903be8aaf5a78948592327c6fc45390b05ef38828

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2272	2696	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2272	2696	02388e0eb25b2ac89b1ace5c8efbfb26.exe	30
PID 2696 wrote to memory of 2272	2696	02388e0eb25b2ac89b1ace5c8efbfb26.exe	30
PID 2696 wrote to memory of 2272	2696	02388e0eb25b2ac89b1ace5c8efbfb26.exe	30
PID 2696 wrote to memory of 2272	2696	02388e0eb25b2ac89b1ace5c8efbfb26.exe	30

C:\Users\Admin\AppData\Local\Temp\02388e0eb25b2ac89b1ace5c8efbfb26.exe
"C:\Users\Admin\AppData\Local\Temp\02388e0eb25b2ac89b1ace5c8efbfb26.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 36
  2⤵
  - Program crash
  PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads