45df233ae197641c5aba439b3beffcb57d43af3f0186e535cac61eeeb0d0c2c5 | Triage

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:02

Sharing

Report Analysis Logs

General

Target

2c992c2ba02cc48e9e755d5cb7a89856.exe
Size

100KB
MD5

2c992c2ba02cc48e9e755d5cb7a89856
SHA1

977bbb6a4d4d51dce36b0d189c9d0c8a35b66e53
SHA256

45df233ae197641c5aba439b3beffcb57d43af3f0186e535cac61eeeb0d0c2c5
SHA512

c059619055162bf17e825981e6625ebae6c72b2c9852f0abb00716719d0c27b015f070dc1d844ddf6e0502a8205c76c511884edcd42d74391fd02799cb124a12
SSDEEP

1536:QVtGc82NTzw8MGAc4ohrPXo+73Rez8b0SyuNIjnZq:4wLurPX7CuCnY

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2752	1676	WerFault.exe	14

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1676	2c992c2ba02cc48e9e755d5cb7a89856.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2752	1676	2c992c2ba02cc48e9e755d5cb7a89856.exe	28
PID 1676 wrote to memory of 2752	1676	2c992c2ba02cc48e9e755d5cb7a89856.exe	28
PID 1676 wrote to memory of 2752	1676	2c992c2ba02cc48e9e755d5cb7a89856.exe	28
PID 1676 wrote to memory of 2752	1676	2c992c2ba02cc48e9e755d5cb7a89856.exe	28

C:\Users\Admin\AppData\Local\Temp\2c992c2ba02cc48e9e755d5cb7a89856.exe
"C:\Users\Admin\AppData\Local\Temp\2c992c2ba02cc48e9e755d5cb7a89856.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 188
  2⤵
  - Program crash
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads