1e9cdf8733c7c1af40d089113680fd5734ba39eb66e8c47fcd3a522a0a44b8b0 | Triage

Analysis

max time kernel
121s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:42

Sharing

Report Analysis Logs

General

Target

0374b3655042a8cec464306294bdd40e.exe
Size

303KB
MD5

0374b3655042a8cec464306294bdd40e
SHA1

31f071496514d4e083c87637b4a170cc9010cd92
SHA256

1e9cdf8733c7c1af40d089113680fd5734ba39eb66e8c47fcd3a522a0a44b8b0
SHA512

9cc3ac67b0ce766ee606e1d861a7b0b2f4640bbdfba3790a21c60af818e4b69efc8b29536f22dfd5454ce4cb438985ba844bd9514a9f4a4316f43081aee389f6
SSDEEP

6144:gSRKTM7sHkaeV3xQjcCGScvg+pu7scJQvaGRPD:vMTM73aezx3ScvjuY2Qvz7

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\my_sfc_os.dll	0374b3655042a8cec464306294bdd40e.exe
File opened for modification	C:\Windows\my_sfc_os.dll	0374b3655042a8cec464306294bdd40e.exe
File created	C:\Windows\hpig_WS2.dat	0374b3655042a8cec464306294bdd40e.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2652	1796	WerFault.exe	8

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 2652	1796	0374b3655042a8cec464306294bdd40e.exe	28
PID 1796 wrote to memory of 2652	1796	0374b3655042a8cec464306294bdd40e.exe	28
PID 1796 wrote to memory of 2652	1796	0374b3655042a8cec464306294bdd40e.exe	28
PID 1796 wrote to memory of 2652	1796	0374b3655042a8cec464306294bdd40e.exe	28

C:\Users\Admin\AppData\Local\Temp\0374b3655042a8cec464306294bdd40e.exe
"C:\Users\Admin\AppData\Local\Temp\0374b3655042a8cec464306294bdd40e.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 152
  2⤵
  - Program crash
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads