18b6f2fa21221a9de5a62dfa194ed7a8f15fcb7eb42beb618ccd8c1e69d090af | Triage

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:51

Sharing

Report Analysis Logs

General

Target

2532c567fc22c68524d1fa9ba2345164.exe
Size

70KB
MD5

2532c567fc22c68524d1fa9ba2345164
SHA1

7f5b2106c5c1e2a99a05acb6b58f216b37396c7f
SHA256

18b6f2fa21221a9de5a62dfa194ed7a8f15fcb7eb42beb618ccd8c1e69d090af
SHA512

263113fe93c0f77e4ac4795a642c336e36e3b49b7fa10567f78ce3c947d0705f1ca04aa3f4a27f109ad88e09cb7360c97741af135b9e59ed235f04ed9a3b7cac
SSDEEP

1536:R41IOJC/HwmjeFAuHL6B1xVJO6i4HQoe0FB58:i1dqSf0/OYHe

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
320	1340	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 320	1340	2532c567fc22c68524d1fa9ba2345164.exe	28
PID 1340 wrote to memory of 320	1340	2532c567fc22c68524d1fa9ba2345164.exe	28
PID 1340 wrote to memory of 320	1340	2532c567fc22c68524d1fa9ba2345164.exe	28
PID 1340 wrote to memory of 320	1340	2532c567fc22c68524d1fa9ba2345164.exe	28

C:\Users\Admin\AppData\Local\Temp\2532c567fc22c68524d1fa9ba2345164.exe
"C:\Users\Admin\AppData\Local\Temp\2532c567fc22c68524d1fa9ba2345164.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 140
  2⤵
  - Program crash
  PID:320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1340-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1340-1-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download