6da4df1cd9683bf6504d80fba93394c756fd623ab3cd11ab2ec2da590b37483c | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0e37216f636bfac7ba1c1bad45952bd1.exe
Size

70KB
MD5

0e37216f636bfac7ba1c1bad45952bd1
SHA1

5fb2633a1a88803f734eebc4072b5b22eadc1d7c
SHA256

6da4df1cd9683bf6504d80fba93394c756fd623ab3cd11ab2ec2da590b37483c
SHA512

d9897f351f6cce55168c802136aae31b829461d5fe7c3bfa8bcc9146c4265d81d2ca49d74ccc42949f3b50be90ff0d0109308072773b299678091c36d1576e7a
SSDEEP

1536:g7YUnn6g+LKstpKHobUiggqAubBWEh4pW3A/TR:yX3+WsXKkghAuVWqA7R

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2136	3044	WerFault.exe	11

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2136	3044	0e37216f636bfac7ba1c1bad45952bd1.exe	16
PID 3044 wrote to memory of 2136	3044	0e37216f636bfac7ba1c1bad45952bd1.exe	16
PID 3044 wrote to memory of 2136	3044	0e37216f636bfac7ba1c1bad45952bd1.exe	16
PID 3044 wrote to memory of 2136	3044	0e37216f636bfac7ba1c1bad45952bd1.exe	16

C:\Users\Admin\AppData\Local\Temp\0e37216f636bfac7ba1c1bad45952bd1.exe
"C:\Users\Admin\AppData\Local\Temp\0e37216f636bfac7ba1c1bad45952bd1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 88
  2⤵
  - Program crash
  PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3044-1-0x0000000000220000-0x0000000000230000-memory.dmp

Filesize
64KB

Download
memory/3044-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download