b82c3fd8ab3b9e796cabd14fc4dcc5f1a21aecd1a62ec3428a4c967851a22328 | Triage

Analysis

max time kernel
117s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:30

Sharing

Report Analysis Logs

General

Target

0e85f27e779c8e90b2ea759e795b1fb1.exe
Size

143KB
MD5

0e85f27e779c8e90b2ea759e795b1fb1
SHA1

fd4bd647bf9b05489b71aaa09980276d18500998
SHA256

b82c3fd8ab3b9e796cabd14fc4dcc5f1a21aecd1a62ec3428a4c967851a22328
SHA512

7a88d33df6e08c5edead180b47a835503cda3480fa4c4dbd556f4b645b0cced2b19109d372022c9cc83517c21d53567c75d682bf761ca98fa97e383f7e70a3cc
SSDEEP

3072:ev7lc8b5DSaotFH77SbHHLaN6AYnwKxOggyBPcOY:A7DD3QXSjRtwnKPc1

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2596	2764	WerFault.exe	11

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2596	2764	0e85f27e779c8e90b2ea759e795b1fb1.exe	29
PID 2764 wrote to memory of 2596	2764	0e85f27e779c8e90b2ea759e795b1fb1.exe	29
PID 2764 wrote to memory of 2596	2764	0e85f27e779c8e90b2ea759e795b1fb1.exe	29
PID 2764 wrote to memory of 2596	2764	0e85f27e779c8e90b2ea759e795b1fb1.exe	29

C:\Users\Admin\AppData\Local\Temp\0e85f27e779c8e90b2ea759e795b1fb1.exe
"C:\Users\Admin\AppData\Local\Temp\0e85f27e779c8e90b2ea759e795b1fb1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 36
  2⤵
  - Program crash
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2764-0-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download