eafbb8f9e084bb5d6de529803923e6a5e354aa8a9c3a2ece17f1a6e9b2e3587d | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21f2514beb7d94881f1eb39f811cbcb7.exe
Size

99KB
MD5

21f2514beb7d94881f1eb39f811cbcb7
SHA1

557c7697ab929834393fbdd559d2a958388505be
SHA256

eafbb8f9e084bb5d6de529803923e6a5e354aa8a9c3a2ece17f1a6e9b2e3587d
SHA512

2d10c9a4de11145adf0945735610c911abd4f82ea7e88f2e4b7a8f0d8e5d73e1fa5af8c756505a043e8b6796068d7b96dc79c6b9dbc517568568f30c162796b8
SSDEEP

3072:7PbrzIlgz9QmMjH02ASBP0/dYJvaMsRO9Bv:7PPUgz9+rjASBcdYdcO/

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2808	2608	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2808	2608	21f2514beb7d94881f1eb39f811cbcb7.exe	28
PID 2608 wrote to memory of 2808	2608	21f2514beb7d94881f1eb39f811cbcb7.exe	28
PID 2608 wrote to memory of 2808	2608	21f2514beb7d94881f1eb39f811cbcb7.exe	28
PID 2608 wrote to memory of 2808	2608	21f2514beb7d94881f1eb39f811cbcb7.exe	28

C:\Users\Admin\AppData\Local\Temp\21f2514beb7d94881f1eb39f811cbcb7.exe
"C:\Users\Admin\AppData\Local\Temp\21f2514beb7d94881f1eb39f811cbcb7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 116
  2⤵
  - Program crash
  PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2608-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download