a91eb008c3aba1b49adec188029f781bc6f3679ee9e9a94bd044691cf6dc1ca7 | Triage

Analysis

max time kernel
156s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:10

Sharing

Report Analysis Logs

General

Target

2400574c1689c5d019de28f93e105aea.exe
Size

72KB
MD5

2400574c1689c5d019de28f93e105aea
SHA1

021eb14c19a7e19421a95d244a8a33acaf205ff1
SHA256

a91eb008c3aba1b49adec188029f781bc6f3679ee9e9a94bd044691cf6dc1ca7
SHA512

19a8b673392ea1b182ffc1942cf78e642d99272f8954e9d3d0953f9b713ae12d8137da50fba14dd18e84780b80d930ea28ada615686c737ca7d6851577f1c1c8
SSDEEP

1536:NwqNNU7qcT7seecf9cl7+XpMXemxlxLEVtS:NF6uQ7p1cl71eokVtS

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
1300	2924	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 1300	2924	2400574c1689c5d019de28f93e105aea.exe	15
PID 2924 wrote to memory of 1300	2924	2400574c1689c5d019de28f93e105aea.exe	15
PID 2924 wrote to memory of 1300	2924	2400574c1689c5d019de28f93e105aea.exe	15
PID 2924 wrote to memory of 1300	2924	2400574c1689c5d019de28f93e105aea.exe	15

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 92
1⤵
- Program crash
PID:1300

C:\Users\Admin\AppData\Local\Temp\2400574c1689c5d019de28f93e105aea.exe
"C:\Users\Admin\AppData\Local\Temp\2400574c1689c5d019de28f93e105aea.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2924-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download