83d811aadbc1b6165114c5c8bf80cabee34a65153e96808aeccbd99052e57228 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 14:20

Sharing

Report Analysis Logs

General

Target

1b3f5131cceced2ce70153d6018c2b48.exe
Size

107KB
MD5

1b3f5131cceced2ce70153d6018c2b48
SHA1

d813a0b13acbbc9d028f3327457d028ecbb3e44d
SHA256

83d811aadbc1b6165114c5c8bf80cabee34a65153e96808aeccbd99052e57228
SHA512

1d1de2c7bd6f5d01ee0adc0e4178ca406b93ffa58129f7438c828695a8fbe9b27107360eeb0ce0d22aed8f26fca3a0b5a8dff519dbe999f2ee7b24b4ccd1016b
SSDEEP

3072:cRa9+ierPKXOQA4Ah5OVA7CUFyTa5y4Vt:cRgNeuXEVh5OG7CAyG5F

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2860	2268	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2860	2268	1b3f5131cceced2ce70153d6018c2b48.exe	14
PID 2268 wrote to memory of 2860	2268	1b3f5131cceced2ce70153d6018c2b48.exe	14
PID 2268 wrote to memory of 2860	2268	1b3f5131cceced2ce70153d6018c2b48.exe	14
PID 2268 wrote to memory of 2860	2268	1b3f5131cceced2ce70153d6018c2b48.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 36
1⤵
- Program crash
PID:2860

C:\Users\Admin\AppData\Local\Temp\1b3f5131cceced2ce70153d6018c2b48.exe
"C:\Users\Admin\AppData\Local\Temp\1b3f5131cceced2ce70153d6018c2b48.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2268-0-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download