98bf12cda1708bb54b291fe16abd0fb0a58b39b60c5cdd844a450212bcde5486 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 00:02

Sharing

Report Analysis Logs

General

Target

20f00c0bdc5e3814e5c28c6732d17e38.exe
Size

114KB
MD5

20f00c0bdc5e3814e5c28c6732d17e38
SHA1

3ae63ea3d64b86a1adb3fb12aca922f251decfa2
SHA256

98bf12cda1708bb54b291fe16abd0fb0a58b39b60c5cdd844a450212bcde5486
SHA512

049b92e10a754ff13abc386c678bfee6378a58b6b7ad8a3453eac026fd24f969cdec132c1efb2c19ca28652ec65b611f48cb5ce8fd272058a3e5f4f21e25a4c6
SSDEEP

3072:8XlRPx+pkLUAmcITCxc12xQ/abk5Lx0DRXNG:8XzQaLhmcI+xXQ/S81AXw

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2116	2444	WerFault.exe	23

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2116	2444	20f00c0bdc5e3814e5c28c6732d17e38.exe	28
PID 2444 wrote to memory of 2116	2444	20f00c0bdc5e3814e5c28c6732d17e38.exe	28
PID 2444 wrote to memory of 2116	2444	20f00c0bdc5e3814e5c28c6732d17e38.exe	28
PID 2444 wrote to memory of 2116	2444	20f00c0bdc5e3814e5c28c6732d17e38.exe	28

C:\Users\Admin\AppData\Local\Temp\20f00c0bdc5e3814e5c28c6732d17e38.exe
"C:\Users\Admin\AppData\Local\Temp\20f00c0bdc5e3814e5c28c6732d17e38.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 92
  2⤵
  - Program crash
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads