69b6c615a994333da2cd78792c4e9f8d0fe3b15290611a76cf750798d8406185 | Triage

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 15:49

Sharing

Report Analysis Logs

General

Target

3a594d066395d5d8efe21b31786a1e84.exe
Size

25KB
MD5

3a594d066395d5d8efe21b31786a1e84
SHA1

268804bf4654b2daa918a2d056083d2345dd8718
SHA256

69b6c615a994333da2cd78792c4e9f8d0fe3b15290611a76cf750798d8406185
SHA512

501bcce95b74e7e22deb81579be934f2f44f9ba448dec3cd708786392906051e7b05ff155ec70905629a1087f5c3deee8bfb24a3b070ed1537d8719c770a3e4f
SSDEEP

768:XLAXSjvpQpSLv8q2wMJ10gNoKJ7LLCvms7nDHIU:MXSjv8SAqB2102oKNLeucLz

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2876	2176	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2876	2176	3a594d066395d5d8efe21b31786a1e84.exe	14
PID 2176 wrote to memory of 2876	2176	3a594d066395d5d8efe21b31786a1e84.exe	14
PID 2176 wrote to memory of 2876	2176	3a594d066395d5d8efe21b31786a1e84.exe	14
PID 2176 wrote to memory of 2876	2176	3a594d066395d5d8efe21b31786a1e84.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 88
1⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\3a594d066395d5d8efe21b31786a1e84.exe
"C:\Users\Admin\AppData\Local\Temp\3a594d066395d5d8efe21b31786a1e84.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2176-1-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2176-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download