0703978ea8688cab78ef16a896e94ca5355433cd35b9e93d34fecf6aa57453f6 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:41

Sharing

Report Analysis Logs

General

Target

0d4331dfc9883a38f1096e834ce34f71.exe
Size

127KB
MD5

0d4331dfc9883a38f1096e834ce34f71
SHA1

a2644ec11fffc7360deaa361870d980b07b94306
SHA256

0703978ea8688cab78ef16a896e94ca5355433cd35b9e93d34fecf6aa57453f6
SHA512

8f1e722c3aa662de1d2e3ebb2cd8064ce7d2a8e195903a38c7c07cceccc352b76140ad5e80f92658783693e45bbb0778649c782ffbb58359b8d314d7d605d56b
SSDEEP

3072:1ZJ0uaFpVYC1ptkffpuPtg9jNAJ4gKHjo5nG9W:Dau8VxftIqmxPJU5G9W

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
912	824	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 912	824	0d4331dfc9883a38f1096e834ce34f71.exe	16
PID 824 wrote to memory of 912	824	0d4331dfc9883a38f1096e834ce34f71.exe	16
PID 824 wrote to memory of 912	824	0d4331dfc9883a38f1096e834ce34f71.exe	16
PID 824 wrote to memory of 912	824	0d4331dfc9883a38f1096e834ce34f71.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 36
1⤵
- Program crash
PID:912

C:\Users\Admin\AppData\Local\Temp\0d4331dfc9883a38f1096e834ce34f71.exe
"C:\Users\Admin\AppData\Local\Temp\0d4331dfc9883a38f1096e834ce34f71.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/824-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download