29839d31663013c83c4185fac13f76bcdd464e70dafded50ad3b76c69a1b8935 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 14:31

Sharing

Report Analysis Logs

General

Target

1b7ed7cbea668d74d4cd18450945a338.exe
Size

7KB
MD5

1b7ed7cbea668d74d4cd18450945a338
SHA1

f5700ba37d5381888bfd67b25339b80bb66ffa4b
SHA256

29839d31663013c83c4185fac13f76bcdd464e70dafded50ad3b76c69a1b8935
SHA512

32d09a70d4b40f45f13991014a3ee0fb9739324b82d4607642dbbb6a4666c20ae2e189b9c59303f29a12c5c512ca19406dc3b52650aac8a3378132ac85cb48d1
SSDEEP

192:i7NgB/3euYrnuT+WRlJkr+QUg/5E9Hwa99iGHQ+sMbF:ANglfNkiQQ9bn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1536	2372	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1536	2372	1b7ed7cbea668d74d4cd18450945a338.exe	28
PID 2372 wrote to memory of 1536	2372	1b7ed7cbea668d74d4cd18450945a338.exe	28
PID 2372 wrote to memory of 1536	2372	1b7ed7cbea668d74d4cd18450945a338.exe	28
PID 2372 wrote to memory of 1536	2372	1b7ed7cbea668d74d4cd18450945a338.exe	28

C:\Users\Admin\AppData\Local\Temp\1b7ed7cbea668d74d4cd18450945a338.exe
"C:\Users\Admin\AppData\Local\Temp\1b7ed7cbea668d74d4cd18450945a338.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 48
  2⤵
  - Program crash
  PID:1536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads