e9367ff0fc147475914751824dddc71834765b413d2e0650325ae1fb38dccf3c | Triage

Analysis

max time kernel
142s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:52

Sharing

Report Analysis Logs

General

Target

0ab9bd79cabef55779f902749e8e0443.exe
Size

105KB
MD5

0ab9bd79cabef55779f902749e8e0443
SHA1

ed70d4b8375a270aed26699f3ebcaba0805d3a19
SHA256

e9367ff0fc147475914751824dddc71834765b413d2e0650325ae1fb38dccf3c
SHA512

7e58af8cc57a0634b38b73e352e713e42afb9b82e1ff73441a359d55c9f14033b3b7accefc8d0db63af4932c611ae180363fe707bbad3b1988d57704b9ea62ea
SSDEEP

3072:Tj0gYQ6gBbFbORNz1d5+3yHNAYZnd7jpT75aW:P0gYQPBxOLz1n+31Ydd755a

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
760	2468	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 760	2468	0ab9bd79cabef55779f902749e8e0443.exe	28
PID 2468 wrote to memory of 760	2468	0ab9bd79cabef55779f902749e8e0443.exe	28
PID 2468 wrote to memory of 760	2468	0ab9bd79cabef55779f902749e8e0443.exe	28
PID 2468 wrote to memory of 760	2468	0ab9bd79cabef55779f902749e8e0443.exe	28

C:\Users\Admin\AppData\Local\Temp\0ab9bd79cabef55779f902749e8e0443.exe
"C:\Users\Admin\AppData\Local\Temp\0ab9bd79cabef55779f902749e8e0443.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 92
  2⤵
  - Program crash
  PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2468-0-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download