88dad4e9505af471bf884f15967336c2194ae882d62abe87582cc37453e955a8 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 14:39

Sharing

Report Analysis Logs

General

Target

3a14ba03fcd9de0d13bc25886a404889.exe
Size

36KB
MD5

3a14ba03fcd9de0d13bc25886a404889
SHA1

e7af049047040baf5894326bbf89699ec26c439e
SHA256

88dad4e9505af471bf884f15967336c2194ae882d62abe87582cc37453e955a8
SHA512

f32ceb0d2db669774ef1e1fee3b31b3cbba43dc8d05463ef8715856cf2acbc214bd7a86f60fdd1975984bc9e9dfdbf81d95b6f5c9a7e215b7ae062521cf7cf10
SSDEEP

768:1IMOrAsxTthJ1ytul5UEHYwZJfUahdmy1AePz4G7fr93:1MPthJUtaHYwZ/fz4mf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2288	1152	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2288	1152	3a14ba03fcd9de0d13bc25886a404889.exe	19
PID 1152 wrote to memory of 2288	1152	3a14ba03fcd9de0d13bc25886a404889.exe	19
PID 1152 wrote to memory of 2288	1152	3a14ba03fcd9de0d13bc25886a404889.exe	19
PID 1152 wrote to memory of 2288	1152	3a14ba03fcd9de0d13bc25886a404889.exe	19

C:\Users\Admin\AppData\Local\Temp\3a14ba03fcd9de0d13bc25886a404889.exe
"C:\Users\Admin\AppData\Local\Temp\3a14ba03fcd9de0d13bc25886a404889.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 44
  2⤵
  - Program crash
  PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads