66c0654fbd8fe346d0b39dc7c72ef7de15e2ae01fca6f271708c06d90044832c | Triage

Analysis

max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1778d548e61f403859eeaf05fccf630e.exe
Size

61KB
MD5

1778d548e61f403859eeaf05fccf630e
SHA1

c1364c2ddc8d8453a5ba043c4da7b1aa16ca6bc3
SHA256

66c0654fbd8fe346d0b39dc7c72ef7de15e2ae01fca6f271708c06d90044832c
SHA512

dd65b0b8bf5861477f7b8ce0a43e695ce60f28fe376914a0c530b5e67e7053983a78ec078b72a8e6085ca9e1ffb52ccd2eea9cb178b1919772e493877b379f10
SSDEEP

1536:AjXhSO1BYzjboHevDeTiVuvSgvrMIZ5Kkc:uxSUBYrozTiVrErTD

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2416	1320	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 2416	1320	1778d548e61f403859eeaf05fccf630e.exe	28
PID 1320 wrote to memory of 2416	1320	1778d548e61f403859eeaf05fccf630e.exe	28
PID 1320 wrote to memory of 2416	1320	1778d548e61f403859eeaf05fccf630e.exe	28
PID 1320 wrote to memory of 2416	1320	1778d548e61f403859eeaf05fccf630e.exe	28

C:\Users\Admin\AppData\Local\Temp\1778d548e61f403859eeaf05fccf630e.exe
"C:\Users\Admin\AppData\Local\Temp\1778d548e61f403859eeaf05fccf630e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 108
  2⤵
  - Program crash
  PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1320-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download