d172d21226b52a82d6f3f457ee865a1789a2592996cc0c9104b24803f3b6bcc8 | Triage

Analysis

max time kernel
119s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

25e575aaa44013481c7d5a4d55df239d.exe
Size

123KB
MD5

25e575aaa44013481c7d5a4d55df239d
SHA1

0bb9c6f8d4d32bc3f6ade84cf8eb029b196dbf48
SHA256

d172d21226b52a82d6f3f457ee865a1789a2592996cc0c9104b24803f3b6bcc8
SHA512

525ec8b6a611e9b1ad8b4eb6cb2d5097fb6ea6a5e5d02de04ee4fd3dadbf1cb83154023fac27d95656ca196b7673e85db51e5f205b3596e59f1608c8f928efd4
SSDEEP

3072:E3eJWQyvjjwHfTLx5btEE7fEyws3uWVY:ZWQyLeLnOqfN+W

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2412	632	WerFault.exe	4

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 2412	632	25e575aaa44013481c7d5a4d55df239d.exe	28
PID 632 wrote to memory of 2412	632	25e575aaa44013481c7d5a4d55df239d.exe	28
PID 632 wrote to memory of 2412	632	25e575aaa44013481c7d5a4d55df239d.exe	28
PID 632 wrote to memory of 2412	632	25e575aaa44013481c7d5a4d55df239d.exe	28

C:\Users\Admin\AppData\Local\Temp\25e575aaa44013481c7d5a4d55df239d.exe
"C:\Users\Admin\AppData\Local\Temp\25e575aaa44013481c7d5a4d55df239d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 152
  2⤵
  - Program crash
  PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/632-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download