3bfc89a5e25ef515720d081e49d8b357a7fc9e84b7333d4f71861317fe55bc49 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 21:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1d6dd0ea419abcc0f03043601b94a096.exe
Size

67KB
MD5

1d6dd0ea419abcc0f03043601b94a096
SHA1

5292a42aab693726a7db30ea5e722049b4894baf
SHA256

3bfc89a5e25ef515720d081e49d8b357a7fc9e84b7333d4f71861317fe55bc49
SHA512

dfbbf56ae43ca3f6d5402353cdc84e5a39c43bb77fcee41fea6befe3225a274559e9194f88f8a5a314e731a02179b7d4623e363b9c08c43a85820b2b5bda6640
SSDEEP

1536:/rleS4+HoXi58ffGb1sIe/c3Q9T7ipq6lHD2:MS4+HCi5o0Be+QR7Az

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2808	2172	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2808	2172	1d6dd0ea419abcc0f03043601b94a096.exe	28
PID 2172 wrote to memory of 2808	2172	1d6dd0ea419abcc0f03043601b94a096.exe	28
PID 2172 wrote to memory of 2808	2172	1d6dd0ea419abcc0f03043601b94a096.exe	28
PID 2172 wrote to memory of 2808	2172	1d6dd0ea419abcc0f03043601b94a096.exe	28

C:\Users\Admin\AppData\Local\Temp\1d6dd0ea419abcc0f03043601b94a096.exe
"C:\Users\Admin\AppData\Local\Temp\1d6dd0ea419abcc0f03043601b94a096.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 88
  2⤵
  - Program crash
  PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads