7e66dce6e22c093171e2f835a1a7bc9f4a085ad59a4f7aef05fa693f96e5e021 | Triage

Analysis

max time kernel
145s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 20:36

Sharing

Report Analysis Logs

General

Target

1bf16f6ec780eb1381a676297cd32205.exe
Size

72KB
MD5

1bf16f6ec780eb1381a676297cd32205
SHA1

39cebb739dcdc35101627dc29dea486c3da9711a
SHA256

7e66dce6e22c093171e2f835a1a7bc9f4a085ad59a4f7aef05fa693f96e5e021
SHA512

18fed56af33f2e03bb5cc84ed50d03011a58e27c7cb98610a377bd5b3ddc916693c50f89ed148b0bdf8ae84b4abdfbc121cb19f3a9bea6e206c0f3f242462955
SSDEEP

1536:03/JFHW5xjtHkcTvDMhOc75KhnP/v4PxX:oFcxjtHkccl5aP3GxX

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2740	2524	WerFault.exe	87
2660	2524	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2740	2524	1bf16f6ec780eb1381a676297cd32205.exe	93
PID 2524 wrote to memory of 2740	2524	1bf16f6ec780eb1381a676297cd32205.exe	93
PID 2524 wrote to memory of 2740	2524	1bf16f6ec780eb1381a676297cd32205.exe	93

C:\Users\Admin\AppData\Local\Temp\1bf16f6ec780eb1381a676297cd32205.exe
"C:\Users\Admin\AppData\Local\Temp\1bf16f6ec780eb1381a676297cd32205.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 224
  2⤵
  - Program crash
  PID:2740
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 224
  2⤵
  - Program crash
  PID:2660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2524 -ip 2524
1⤵
PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads