b90800fb6ee3638b3222232ce39fbd5faa534c96c05a52a2fc36ed6068725b07 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:07

Sharing

Report Analysis Logs

General

Target

0298ae12a325b4f5d733c299fbcef55a.exe
Size

169KB
MD5

0298ae12a325b4f5d733c299fbcef55a
SHA1

6086dd7cd6536f21702957a344223047fc35fdcb
SHA256

b90800fb6ee3638b3222232ce39fbd5faa534c96c05a52a2fc36ed6068725b07
SHA512

39736c1c490df49f461eb8df455d67ad9635f13cba714c19a7ff71a26b945171bd90149092a46ab763adb93d622e0f7b204e899b6f460cf1250147408f049f18
SSDEEP

3072:4cn/l0griiUZ2nymga+00gtUeJ6M/50goikY:762tR0gtz4MR5oiF

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2288	1052	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 2288	1052	0298ae12a325b4f5d733c299fbcef55a.exe	15
PID 1052 wrote to memory of 2288	1052	0298ae12a325b4f5d733c299fbcef55a.exe	15
PID 1052 wrote to memory of 2288	1052	0298ae12a325b4f5d733c299fbcef55a.exe	15
PID 1052 wrote to memory of 2288	1052	0298ae12a325b4f5d733c299fbcef55a.exe	15

C:\Users\Admin\AppData\Local\Temp\0298ae12a325b4f5d733c299fbcef55a.exe
"C:\Users\Admin\AppData\Local\Temp\0298ae12a325b4f5d733c299fbcef55a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 36
  2⤵
  - Program crash
  PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1052-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download