e010c7f29821cbc3ee7a55e0706f7e536748386417380013e53f9ceca139f7c4 | Triage

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:35

Sharing

Report Analysis Logs

General

Target

24af321e5ab73e0e5afc0dd730f81d89.exe
Size

42KB
MD5

24af321e5ab73e0e5afc0dd730f81d89
SHA1

37e06a0dc7096a0f97057b13ccfdd1941c61314c
SHA256

e010c7f29821cbc3ee7a55e0706f7e536748386417380013e53f9ceca139f7c4
SHA512

a7970893c8fe7b9fad90389e89bdd4dbc9baf822073ed307cb505ed7538954caecf79e7b53f36638f7205a623470878bc0c46aa94b7faebf21d24f0d8c3ffa31
SSDEEP

768:JnyrqR+QOjwaH3K/uZKKkIl1dg4Gt56ofqki:crqQQ0XK2ZFfvGD6ofqk

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
1984	2256	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 1984	2256	24af321e5ab73e0e5afc0dd730f81d89.exe	14
PID 2256 wrote to memory of 1984	2256	24af321e5ab73e0e5afc0dd730f81d89.exe	14
PID 2256 wrote to memory of 1984	2256	24af321e5ab73e0e5afc0dd730f81d89.exe	14
PID 2256 wrote to memory of 1984	2256	24af321e5ab73e0e5afc0dd730f81d89.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 120
1⤵
- Program crash
PID:1984

C:\Users\Admin\AppData\Local\Temp\24af321e5ab73e0e5afc0dd730f81d89.exe
"C:\Users\Admin\AppData\Local\Temp\24af321e5ab73e0e5afc0dd730f81d89.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2256-0-0x0000000010000000-0x0000000010104000-memory.dmp

Filesize
1.0MB

Download