8c5fdf14428ba99ba057426f6c387e2a2905f474b1fa6031bcb6b027803a3f7b | Triage

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1aa2d9bb60061c3196e2367e1f09659a.exe
Size

214KB
MD5

1aa2d9bb60061c3196e2367e1f09659a
SHA1

1ea7229b6cca9d21eb01faa286768d8f3cead4d9
SHA256

8c5fdf14428ba99ba057426f6c387e2a2905f474b1fa6031bcb6b027803a3f7b
SHA512

674ac726bc1265a8af1273d75cccea7e98b9407cfc11f601cf96066ab8c125fae3630dabc57644bf7dcc6c22b4c89c611705e9721a4509ccb292cc4afa8d4938
SSDEEP

6144:ssyXGJ0SX7qUWHsFaNbkOmgZUTMwT6ppYEaX6uC:sXGjrq9fti9MwTMpR5/

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1212	2000	WerFault.exe	7

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1212	2000	1aa2d9bb60061c3196e2367e1f09659a.exe	21
PID 2000 wrote to memory of 1212	2000	1aa2d9bb60061c3196e2367e1f09659a.exe	21
PID 2000 wrote to memory of 1212	2000	1aa2d9bb60061c3196e2367e1f09659a.exe	21
PID 2000 wrote to memory of 1212	2000	1aa2d9bb60061c3196e2367e1f09659a.exe	21

C:\Users\Admin\AppData\Local\Temp\1aa2d9bb60061c3196e2367e1f09659a.exe
"C:\Users\Admin\AppData\Local\Temp\1aa2d9bb60061c3196e2367e1f09659a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 36
  2⤵
  - Program crash
  PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-0-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download