18d71d1d570fbe72b9fc4647589bae05abeba68d5e8c914ba8766588d55dc343 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 14:08

Sharing

Report Analysis Logs

General

Target

3936b9693a2b696f71a78de329f4800d.exe
Size

52KB
MD5

3936b9693a2b696f71a78de329f4800d
SHA1

a88769361386838ca1b60b5fa1f7ac24adec6460
SHA256

18d71d1d570fbe72b9fc4647589bae05abeba68d5e8c914ba8766588d55dc343
SHA512

db7f60a04109bbd3122f110f839d092c20d2cc0446e49d48cc3535fa27cf8ced438ce872c0419a190c17696aac8b6c28ca60853f2b9efa935783af06f49fdf7c
SSDEEP

1536:LThh/lSdjTRXjCEgaMhBe9vNw8P3XNUQ8DZXbHnge:LTUULBgek3XB8DBnge

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
296	1740	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 296	1740	3936b9693a2b696f71a78de329f4800d.exe	14
PID 1740 wrote to memory of 296	1740	3936b9693a2b696f71a78de329f4800d.exe	14
PID 1740 wrote to memory of 296	1740	3936b9693a2b696f71a78de329f4800d.exe	14
PID 1740 wrote to memory of 296	1740	3936b9693a2b696f71a78de329f4800d.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 148
1⤵
- Program crash
PID:296

C:\Users\Admin\AppData\Local\Temp\3936b9693a2b696f71a78de329f4800d.exe
"C:\Users\Admin\AppData\Local\Temp\3936b9693a2b696f71a78de329f4800d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-0-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download