0ae4b06e12f5fd6e4f6eadcd8a331aa38d967644b72cfc9f88ac54d84d220aff | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 21:36

Sharing

Report Analysis Logs

General

Target

1d373e200a1bdd5ab86b4d90cf11cddc.exe
Size

12KB
MD5

1d373e200a1bdd5ab86b4d90cf11cddc
SHA1

de96e9cda04ace4193f7f4c6d53194ed3c178d35
SHA256

0ae4b06e12f5fd6e4f6eadcd8a331aa38d967644b72cfc9f88ac54d84d220aff
SHA512

4ed8cf3e9e680ca41cae8f8cc78664d4ea7ba0d6a7421f5163dd1811a755d9860a51030d6b7264afba593f6d22ee44f7b8601e7a62fc68404d0f473f8f713f5e
SSDEEP

96:cfyOcVa/tQYydBPVQeVvznSl+71yQtQKQYQ:c3ia/6YyOl+7MQjQYQ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2856	2508	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2856	2508	1d373e200a1bdd5ab86b4d90cf11cddc.exe	28
PID 2508 wrote to memory of 2856	2508	1d373e200a1bdd5ab86b4d90cf11cddc.exe	28
PID 2508 wrote to memory of 2856	2508	1d373e200a1bdd5ab86b4d90cf11cddc.exe	28
PID 2508 wrote to memory of 2856	2508	1d373e200a1bdd5ab86b4d90cf11cddc.exe	28

C:\Users\Admin\AppData\Local\Temp\1d373e200a1bdd5ab86b4d90cf11cddc.exe
"C:\Users\Admin\AppData\Local\Temp\1d373e200a1bdd5ab86b4d90cf11cddc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 88
  2⤵
  - Program crash
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads