013e3397736af3e4ce708d47ec862a9c27006759b6413364c62491c5f1623f45 | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:25

Sharing

Report Analysis Logs

General

Target

1358fa2555ac84025498c939442c948c.exe
Size

21KB
MD5

1358fa2555ac84025498c939442c948c
SHA1

c7b7ea4dedbc75714c18f5638330fbe8d3a416ba
SHA256

013e3397736af3e4ce708d47ec862a9c27006759b6413364c62491c5f1623f45
SHA512

a4fd32f3317db3371f46c5773834a246eddf4e5249e5136a1d956ca748b75c2263b1c3b385fb02c7f0c7a505779534c3a6d015c3b65675ad90eb955fd62de410
SSDEEP

384:isGnXRZJNrhms4x7l8bXMjeELdKqA6xQskjKMm:BwDHrGx72TSewQskXm

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2184	1156	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 2184	1156	1358fa2555ac84025498c939442c948c.exe	28
PID 1156 wrote to memory of 2184	1156	1358fa2555ac84025498c939442c948c.exe	28
PID 1156 wrote to memory of 2184	1156	1358fa2555ac84025498c939442c948c.exe	28
PID 1156 wrote to memory of 2184	1156	1358fa2555ac84025498c939442c948c.exe	28

C:\Users\Admin\AppData\Local\Temp\1358fa2555ac84025498c939442c948c.exe
"C:\Users\Admin\AppData\Local\Temp\1358fa2555ac84025498c939442c948c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 88
  2⤵
  - Program crash
  PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads