6abb9fcfecddf41131b418dccdd8b28582c3d1478d7193a4318369f951f305a9 | Triage

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:24

Sharing

Report Analysis Logs

General

Target

04638fef3b1b0f5d6f48cee9245a5723.exe
Size

56KB
MD5

04638fef3b1b0f5d6f48cee9245a5723
SHA1

26153c8f40488f09e1f32977771b27545c84c3e7
SHA256

6abb9fcfecddf41131b418dccdd8b28582c3d1478d7193a4318369f951f305a9
SHA512

e63de346e5f52d707e5001f6c95201c17ce2637e23f168cbb129b84e1818aabaaa7949c87dbe52f4c635f838ed1ff90ca724904a1ceaee2fdd7be3d499a357d8
SSDEEP

1536:P7HFVvRSIPdAssJA7ZbS6omQUJk7dWHkc:P7HPvRjlrjZbS6i7dh

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1384	1620	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1384	1620	04638fef3b1b0f5d6f48cee9245a5723.exe	28
PID 1620 wrote to memory of 1384	1620	04638fef3b1b0f5d6f48cee9245a5723.exe	28
PID 1620 wrote to memory of 1384	1620	04638fef3b1b0f5d6f48cee9245a5723.exe	28
PID 1620 wrote to memory of 1384	1620	04638fef3b1b0f5d6f48cee9245a5723.exe	28

C:\Users\Admin\AppData\Local\Temp\04638fef3b1b0f5d6f48cee9245a5723.exe
"C:\Users\Admin\AppData\Local\Temp\04638fef3b1b0f5d6f48cee9245a5723.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 88
  2⤵
  - Program crash
  PID:1384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1620-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download