55b11dabf1e0f23e3dbd6b999bad891071c0e9426434be6ecc2d7c3190f06270 | Triage

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:50

Sharing

Report Analysis Logs

General

Target

28d916ddd9cbbf2bf7757b8f21368e73.exe
Size

79KB
MD5

28d916ddd9cbbf2bf7757b8f21368e73
SHA1

ca7db33f27922734a92da473a9ae80404650826d
SHA256

55b11dabf1e0f23e3dbd6b999bad891071c0e9426434be6ecc2d7c3190f06270
SHA512

659bc1380ba8a47b36c32673cb7ec9476da1e16e8f7eb18f044e045195a839749fd2b321cc09c06ead1a3f826e18c14304fa1854d0ac1eb0a0c2963114bd851a
SSDEEP

1536:co15MzLpvVwjavf5UpLQCRvsmVt9Biz5gJotr:V15Mzlwa3lCR/oawr

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2876	1484	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 2876	1484	28d916ddd9cbbf2bf7757b8f21368e73.exe	14
PID 1484 wrote to memory of 2876	1484	28d916ddd9cbbf2bf7757b8f21368e73.exe	14
PID 1484 wrote to memory of 2876	1484	28d916ddd9cbbf2bf7757b8f21368e73.exe	14
PID 1484 wrote to memory of 2876	1484	28d916ddd9cbbf2bf7757b8f21368e73.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 88
1⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\28d916ddd9cbbf2bf7757b8f21368e73.exe
"C:\Users\Admin\AppData\Local\Temp\28d916ddd9cbbf2bf7757b8f21368e73.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1484-0-0x0000000044440000-0x0000000044457000-memory.dmp

Filesize
92KB

Download