436ea145eca7454c7addbb4b562bcef963ef8509532499bc991a49a4670a424f | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 01:37

Sharing

Report Analysis Logs

General

Target

0a4f5b9f2b4dcba0843614293a7094d7.exe
Size

437KB
MD5

0a4f5b9f2b4dcba0843614293a7094d7
SHA1

9aa3741ce2c31a409d5684a1a53ab358b5cd9ef5
SHA256

436ea145eca7454c7addbb4b562bcef963ef8509532499bc991a49a4670a424f
SHA512

f70ef3901b952647fbee4b00ec1e2f1cf6609b4fb7d6ec8824fbd4e9859cea8294aeb22b50b24f147056615ea7c8a28f1f23b684b6588199bdf5857af2658951
SSDEEP

12288:Z9Z8m5DuEy2f+73v3m0/HkWRpsslw9rVq:Z9Z8mPrm73n/nNlw9rVq

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2632	284	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 284 wrote to memory of 2632	284	0a4f5b9f2b4dcba0843614293a7094d7.exe	28
PID 284 wrote to memory of 2632	284	0a4f5b9f2b4dcba0843614293a7094d7.exe	28
PID 284 wrote to memory of 2632	284	0a4f5b9f2b4dcba0843614293a7094d7.exe	28
PID 284 wrote to memory of 2632	284	0a4f5b9f2b4dcba0843614293a7094d7.exe	28

C:\Users\Admin\AppData\Local\Temp\0a4f5b9f2b4dcba0843614293a7094d7.exe
"C:\Users\Admin\AppData\Local\Temp\0a4f5b9f2b4dcba0843614293a7094d7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 116
  2⤵
  - Program crash
  PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/284-0-0x0000000000940000-0x00000000009B1000-memory.dmp

Filesize
452KB

Download