c07859f2c588b234924ba13462e96d637450174eade9f83872e01e2cf9922c45 | Triage

Analysis

max time kernel
142s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0fd83efa0074867349b81254a057e1c0.exe
Size

129KB
MD5

0fd83efa0074867349b81254a057e1c0
SHA1

7abc8a4dde8069d2436ce31e8e875afa87ba4e4e
SHA256

c07859f2c588b234924ba13462e96d637450174eade9f83872e01e2cf9922c45
SHA512

4ae389d93444a19cefc35473c7d5ece1eba7c2049805ff7d3185b9b051025174841b817c27f2280891d04fe08ada08bdfcd325bf006d2d33ac289d4e1af70657
SSDEEP

3072:b4oP8foYbnZlTc2h/NsYYAHLWFEhvPZtOQI5Ql/9F:bdPLYr3h/22LNZIQI5M

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2612	3028	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2612	3028	0fd83efa0074867349b81254a057e1c0.exe	28
PID 3028 wrote to memory of 2612	3028	0fd83efa0074867349b81254a057e1c0.exe	28
PID 3028 wrote to memory of 2612	3028	0fd83efa0074867349b81254a057e1c0.exe	28
PID 3028 wrote to memory of 2612	3028	0fd83efa0074867349b81254a057e1c0.exe	28

C:\Users\Admin\AppData\Local\Temp\0fd83efa0074867349b81254a057e1c0.exe
"C:\Users\Admin\AppData\Local\Temp\0fd83efa0074867349b81254a057e1c0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 152
  2⤵
  - Program crash
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3028-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3028-1-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download