c539925b36730c4a915f2d2453aff7602810b13cb09d0320a54b1f2c565104c6 | Triage

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 16:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3a9232d5cb18357a097d3db5792a015c.exe
Size

118KB
MD5

3a9232d5cb18357a097d3db5792a015c
SHA1

3531a642a030a04edbe0e1b41d131c1fcb78286d
SHA256

c539925b36730c4a915f2d2453aff7602810b13cb09d0320a54b1f2c565104c6
SHA512

4bd2a573652f689d7918c1414bf6084a283f6277679f376b4b255367d266d1e1bdd15ded8c44e209ab7e86cae13c0e93aaa973685d453b0e9f7218de6966055a
SSDEEP

1536:thKig4jIabFhJ/CqWM3a6lhNAqwkiYOVsTFbD:qijJJ/B3ag7Aqwki1EFbD

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2148	2428	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2148	2428	3a9232d5cb18357a097d3db5792a015c.exe	28
PID 2428 wrote to memory of 2148	2428	3a9232d5cb18357a097d3db5792a015c.exe	28
PID 2428 wrote to memory of 2148	2428	3a9232d5cb18357a097d3db5792a015c.exe	28
PID 2428 wrote to memory of 2148	2428	3a9232d5cb18357a097d3db5792a015c.exe	28

C:\Users\Admin\AppData\Local\Temp\3a9232d5cb18357a097d3db5792a015c.exe
"C:\Users\Admin\AppData\Local\Temp\3a9232d5cb18357a097d3db5792a015c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 124
  2⤵
  - Program crash
  PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2428-0-0x0000000001000000-0x0000000001025E8C-memory.dmp

Filesize
151KB

Download
memory/2428-1-0x0000000001000000-0x0000000001025E8C-memory.dmp

Filesize
151KB

Download