b0494b3a7553239539f356560061704408ac2cbf4fbbfce900130df42bc59923 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 04:55

Sharing

Report Analysis Logs

General

Target

2905a5191baf33e9d64d133b7c1d476f.exe
Size

3KB
MD5

2905a5191baf33e9d64d133b7c1d476f
SHA1

bfd4fed10d9e84f2fa4d604aff4378acd7714e23
SHA256

b0494b3a7553239539f356560061704408ac2cbf4fbbfce900130df42bc59923
SHA512

e1b5085cf89f9ee76c453f13764343a731fd0f6b4775ef293141bea1061c379126104061099e4c2b72222f95af17774e53efccd1b3b51218fe618513c329aa43

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
852	2916	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 852	2916	2905a5191baf33e9d64d133b7c1d476f.exe	17
PID 2916 wrote to memory of 852	2916	2905a5191baf33e9d64d133b7c1d476f.exe	17
PID 2916 wrote to memory of 852	2916	2905a5191baf33e9d64d133b7c1d476f.exe	17
PID 2916 wrote to memory of 852	2916	2905a5191baf33e9d64d133b7c1d476f.exe	17

C:\Users\Admin\AppData\Local\Temp\2905a5191baf33e9d64d133b7c1d476f.exe
"C:\Users\Admin\AppData\Local\Temp\2905a5191baf33e9d64d133b7c1d476f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 36
  2⤵
  - Program crash
  PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2916-0-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download