52db97fc820f9278f593ef34c6cda03107b154744f56cd8ad2b3a63a14f6a37c | Triage

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:53

Sharing

Report Analysis Logs

General

Target

36d8b108b6aa5b78ffc9fdae57bce04d.exe
Size

7KB
MD5

36d8b108b6aa5b78ffc9fdae57bce04d
SHA1

7e68c80c092bd24c129d8a31125fa3c7b0740ef1
SHA256

52db97fc820f9278f593ef34c6cda03107b154744f56cd8ad2b3a63a14f6a37c
SHA512

33e934b34a18e6d45c16e8611c4f66478169754a5fb863078f4c260fdef10ba1530b4c362f915cf3f5b2f990133646dc71833a13eb51ec909c8df09abc63a726
SSDEEP

96:ApXt0CwbaAsqGLENLZoHyCLyDu3jrUGjHcirm6DPzNt:PCC50L8OFAuTrTHcOmOZ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2680	1112	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 2680	1112	36d8b108b6aa5b78ffc9fdae57bce04d.exe	29
PID 1112 wrote to memory of 2680	1112	36d8b108b6aa5b78ffc9fdae57bce04d.exe	29
PID 1112 wrote to memory of 2680	1112	36d8b108b6aa5b78ffc9fdae57bce04d.exe	29
PID 1112 wrote to memory of 2680	1112	36d8b108b6aa5b78ffc9fdae57bce04d.exe	29

C:\Users\Admin\AppData\Local\Temp\36d8b108b6aa5b78ffc9fdae57bce04d.exe
"C:\Users\Admin\AppData\Local\Temp\36d8b108b6aa5b78ffc9fdae57bce04d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 564
  2⤵
  - Program crash
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1112-0-0x0000000000E10000-0x0000000000E18000-memory.dmp

Filesize
32KB

Download
memory/1112-1-0x0000000074070000-0x000000007475E000-memory.dmp

Filesize
6.9MB

Download
memory/1112-2-0x0000000074070000-0x000000007475E000-memory.dmp

Filesize
6.9MB

Download