b3a16874ac9dfd29fb7e30185691fdb276b33efad974d6741de4ecbf29f3811a | Triage

Analysis

max time kernel
118s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:10

Sharing

Report Analysis Logs

General

Target

130fecf21d8c120e31775237c8553afe.exe
Size

84KB
MD5

130fecf21d8c120e31775237c8553afe
SHA1

fc776dfc80207759c2f0a5ffa1060dbf06236bd4
SHA256

b3a16874ac9dfd29fb7e30185691fdb276b33efad974d6741de4ecbf29f3811a
SHA512

784302f0d49bf3a6dd49b016e44933693e6248f950be0779a20dd59643a45d76ba91687ba605b89a3d0efccc9eb19d674032e7a8d0228cc915a50caf84a4129e
SSDEEP

1536:1lgQwkCR4IDNuBhNOV6baOUn0f7pzmVI2:nIDBWNL1Sudz/2

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2856	2664	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2856	2664	130fecf21d8c120e31775237c8553afe.exe	16
PID 2664 wrote to memory of 2856	2664	130fecf21d8c120e31775237c8553afe.exe	16
PID 2664 wrote to memory of 2856	2664	130fecf21d8c120e31775237c8553afe.exe	16
PID 2664 wrote to memory of 2856	2664	130fecf21d8c120e31775237c8553afe.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 92
1⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\130fecf21d8c120e31775237c8553afe.exe
"C:\Users\Admin\AppData\Local\Temp\130fecf21d8c120e31775237c8553afe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads