5d1481c35111df016f19e868f9609b357a299f1ce8bfc0c6b51a8a0b79bdc9d6 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:45

Sharing

Report Analysis Logs

General

Target

2504fcd19169a5d8a4ed018f95591633.exe
Size

14KB
MD5

2504fcd19169a5d8a4ed018f95591633
SHA1

d421f765a9147c1c74df41bdff461a6ed5b1e769
SHA256

5d1481c35111df016f19e868f9609b357a299f1ce8bfc0c6b51a8a0b79bdc9d6
SHA512

2a540126d832feffac8ebc6b8e482986559d4de070eafdbd365ce2b52a7666ec83c6d92217cb078cc6658ba5372c1684591f3405f7d931bee4d85070365bc345
SSDEEP

384:ursG8pLAL8NSTYc8hhkaqc+p4wyEYz3Kxvw3NcwLD:+s7piZM2aqc+6wdYm63Ww

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2372	1820	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2372	1820	2504fcd19169a5d8a4ed018f95591633.exe	28
PID 1820 wrote to memory of 2372	1820	2504fcd19169a5d8a4ed018f95591633.exe	28
PID 1820 wrote to memory of 2372	1820	2504fcd19169a5d8a4ed018f95591633.exe	28
PID 1820 wrote to memory of 2372	1820	2504fcd19169a5d8a4ed018f95591633.exe	28

C:\Users\Admin\AppData\Local\Temp\2504fcd19169a5d8a4ed018f95591633.exe
"C:\Users\Admin\AppData\Local\Temp\2504fcd19169a5d8a4ed018f95591633.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 36
  2⤵
  - Program crash
  PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1820-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download