d385c83816f02c18e9263c507782265e99b2d723da4e32829ff176f15c8e92c8 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 22:21

Sharing

Report Analysis Logs

General

Target

1e4ea1ff7d144eb9bcb268e47ce6836e.exe
Size

123KB
MD5

1e4ea1ff7d144eb9bcb268e47ce6836e
SHA1

8f6133b4d35412367e36a534a8e01479e98904af
SHA256

d385c83816f02c18e9263c507782265e99b2d723da4e32829ff176f15c8e92c8
SHA512

d4b7f58d56a759861f1315fb2f91e6e9c5533d231a4ca287f015f47f6800439b50d2668968c6e2e907e25318e5aab1c78aa87cfe0ec200da0a4584e4e0595cc6
SSDEEP

3072:GzigzRgAitFXk3Q8hc9I1eXFReWF3wlfQ:GzdRQr4Q8md3w9Q

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2932	2136	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2932	2136	1e4ea1ff7d144eb9bcb268e47ce6836e.exe	19
PID 2136 wrote to memory of 2932	2136	1e4ea1ff7d144eb9bcb268e47ce6836e.exe	19
PID 2136 wrote to memory of 2932	2136	1e4ea1ff7d144eb9bcb268e47ce6836e.exe	19
PID 2136 wrote to memory of 2932	2136	1e4ea1ff7d144eb9bcb268e47ce6836e.exe	19

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 36
1⤵
- Program crash
PID:2932

C:\Users\Admin\AppData\Local\Temp\1e4ea1ff7d144eb9bcb268e47ce6836e.exe
"C:\Users\Admin\AppData\Local\Temp\1e4ea1ff7d144eb9bcb268e47ce6836e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2136-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2136-1-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download