b4a4227186c17b00414c8ce87835192fa3bf7feefa7b3cd387461cacbb0fb76f | Triage

Analysis

max time kernel
142s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:58

Sharing

Report Analysis Logs

General

Target

3700b399fa650cd940c64b30585e6dbc.exe
Size

71KB
MD5

3700b399fa650cd940c64b30585e6dbc
SHA1

e81e716b3508a90c74282477ffb3824ea809bb91
SHA256

b4a4227186c17b00414c8ce87835192fa3bf7feefa7b3cd387461cacbb0fb76f
SHA512

07f3d0e315dfa60e7e8fe3af7ebfa0d55f0f64617e42afb217e3f7a7586c762bf9fad44968bd5077be852c0e7cdd674a222eb1b72e80c69ef9b2c3318ccdddb9
SSDEEP

1536:9OY499DAGawWGxcqgULQfF/+3GmHhtGRU96e2q:954DnUGxcPFwlueV

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2352	2224	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2352	2224	3700b399fa650cd940c64b30585e6dbc.exe	28
PID 2224 wrote to memory of 2352	2224	3700b399fa650cd940c64b30585e6dbc.exe	28
PID 2224 wrote to memory of 2352	2224	3700b399fa650cd940c64b30585e6dbc.exe	28
PID 2224 wrote to memory of 2352	2224	3700b399fa650cd940c64b30585e6dbc.exe	28

C:\Users\Admin\AppData\Local\Temp\3700b399fa650cd940c64b30585e6dbc.exe
"C:\Users\Admin\AppData\Local\Temp\3700b399fa650cd940c64b30585e6dbc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 92
  2⤵
  - Program crash
  PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2224-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2224-1-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download