dc12d343cfa5ffb0a51d36f052c8785dcb49452ae2ce982761e8abef713525d6 | Triage

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 07:52

Sharing

Report Analysis Logs

General

Target

12a77ffc386c58e9798c2a62ac855eb7.exe
Size

194KB
MD5

12a77ffc386c58e9798c2a62ac855eb7
SHA1

d582f80999f19641e3a09d49efcf0c5c8cf00ca1
SHA256

dc12d343cfa5ffb0a51d36f052c8785dcb49452ae2ce982761e8abef713525d6
SHA512

374bb8c10f5e5cfc3dd2de1b90d146b299415e84b176359ca822cb8cd8660948763cd4df3540533ed1ddced172a064914680e4e8439dda41e5f78eb205732400
SSDEEP

3072:Exf026qbJ1y4GNq5jz+/YiMaVU/Lk0X1JATWIfTxDr:BqHGoq/TMLzk07yT1

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2352	2772	WerFault.exe	2

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2352	2772	12a77ffc386c58e9798c2a62ac855eb7.exe	28
PID 2772 wrote to memory of 2352	2772	12a77ffc386c58e9798c2a62ac855eb7.exe	28
PID 2772 wrote to memory of 2352	2772	12a77ffc386c58e9798c2a62ac855eb7.exe	28
PID 2772 wrote to memory of 2352	2772	12a77ffc386c58e9798c2a62ac855eb7.exe	28

C:\Users\Admin\AppData\Local\Temp\12a77ffc386c58e9798c2a62ac855eb7.exe
"C:\Users\Admin\AppData\Local\Temp\12a77ffc386c58e9798c2a62ac855eb7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 92
  2⤵
  - Program crash
  PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2772-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download