33afc93e3d3fd8611198eba93ee46b4479ac9689431623ee57d132b7bdb85c92 | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 01:50

Sharing

Report Analysis Logs

General

Target

0aabfa31f77b662b45485ee047d33b60.exe
Size

118KB
MD5

0aabfa31f77b662b45485ee047d33b60
SHA1

48689d51f60ff327ad33085da6882607fa98dbc4
SHA256

33afc93e3d3fd8611198eba93ee46b4479ac9689431623ee57d132b7bdb85c92
SHA512

a155882e219ad7737c0e6b9036af1911ba22c1e5af8bd19a0e9c06a8fb76ef16af1556f55e0f02cfa7b9286c4965f281b12579260d063b34e3d4924c7571071a
SSDEEP

3072:DQuEBii16JjNMbBitTNEKq53AlwUrtqBWHFT0WN6:DIBr6JRvEKq53ijlTi

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2088	2468	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2088	2468	0aabfa31f77b662b45485ee047d33b60.exe	14
PID 2468 wrote to memory of 2088	2468	0aabfa31f77b662b45485ee047d33b60.exe	14
PID 2468 wrote to memory of 2088	2468	0aabfa31f77b662b45485ee047d33b60.exe	14
PID 2468 wrote to memory of 2088	2468	0aabfa31f77b662b45485ee047d33b60.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 36
1⤵
- Program crash
PID:2088

C:\Users\Admin\AppData\Local\Temp\0aabfa31f77b662b45485ee047d33b60.exe
"C:\Users\Admin\AppData\Local\Temp\0aabfa31f77b662b45485ee047d33b60.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2468-0-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2468-1-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download