a5c2d64f41b6d19b3e8b33379f68c2f5500a23985db7ed31cb420a0211835031 | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:40

Sharing

Report Analysis Logs

General

Target

18ce292c9f75e77e1d3061c2c2f42cba.exe
Size

13KB
MD5

18ce292c9f75e77e1d3061c2c2f42cba
SHA1

e29234af1030f8889147a03b644f0548a03b57e2
SHA256

a5c2d64f41b6d19b3e8b33379f68c2f5500a23985db7ed31cb420a0211835031
SHA512

30e08564e1b7ced430ad710ba8306ce5d65566019f62e23ad87f7e2f34ce762609c1b07e6db4d1d5d4bf27b513dba9137e1e924ced2f1fdb597a1da2d714e27f
SSDEEP

384:tWeo161skgSyt0sTDFLFdkRFkSgLxMkKOOMu:voAhf5iDHdkTk1hKRM

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1696	1860	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 1696	1860	18ce292c9f75e77e1d3061c2c2f42cba.exe	28
PID 1860 wrote to memory of 1696	1860	18ce292c9f75e77e1d3061c2c2f42cba.exe	28
PID 1860 wrote to memory of 1696	1860	18ce292c9f75e77e1d3061c2c2f42cba.exe	28
PID 1860 wrote to memory of 1696	1860	18ce292c9f75e77e1d3061c2c2f42cba.exe	28

C:\Users\Admin\AppData\Local\Temp\18ce292c9f75e77e1d3061c2c2f42cba.exe
"C:\Users\Admin\AppData\Local\Temp\18ce292c9f75e77e1d3061c2c2f42cba.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 96
  2⤵
  - Program crash
  PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1860-0-0x0000000000400000-0x000000000040B200-memory.dmp

Filesize
44KB

Download
memory/1860-1-0x0000000000400000-0x000000000040B200-memory.dmp

Filesize
44KB

Download