f09d8f7dacbef5f993af1c98f0943ec2b304003b188076393d0a0ca0b8145879 | Triage

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

26876f9612d58e63f9e4a88b2bc91bdc.exe
Size

2KB
MD5

26876f9612d58e63f9e4a88b2bc91bdc
SHA1

ed083395c002e1856ea0c33c208ceca3e94f38dd
SHA256

f09d8f7dacbef5f993af1c98f0943ec2b304003b188076393d0a0ca0b8145879
SHA512

2aa8ef5e90ed76bc79e28d76714495f33ac8f1a86873dd46eed317e2b5dff234a7bb2a360098864dcda8af06b9469cc5b7802dbb4f90c2e8faaa2c6ea06680fa

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2744	804	WerFault.exe	21

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 2744	804	26876f9612d58e63f9e4a88b2bc91bdc.exe	29
PID 804 wrote to memory of 2744	804	26876f9612d58e63f9e4a88b2bc91bdc.exe	29
PID 804 wrote to memory of 2744	804	26876f9612d58e63f9e4a88b2bc91bdc.exe	29
PID 804 wrote to memory of 2744	804	26876f9612d58e63f9e4a88b2bc91bdc.exe	29

C:\Users\Admin\AppData\Local\Temp\26876f9612d58e63f9e4a88b2bc91bdc.exe
"C:\Users\Admin\AppData\Local\Temp\26876f9612d58e63f9e4a88b2bc91bdc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 120
  2⤵
  - Program crash
  PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/804-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download