21beb4596e2b907bf4244af8094fa16e738c08ad0f6541573bb1288739d6ba41 | Triage

Analysis

max time kernel
117s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 07:24

Sharing

Report Analysis Logs

General

Target

3c3d6accc893efb3464b7510d6f72165.exe
Size

424KB
MD5

3c3d6accc893efb3464b7510d6f72165
SHA1

c998034ec97c87a3d5be5af843e7e30296b07e55
SHA256

21beb4596e2b907bf4244af8094fa16e738c08ad0f6541573bb1288739d6ba41
SHA512

da541b85d16640e3c36ebe191af902b868cb6e178a82ac7f35880885bc455cb39ce1a14a3cb29a53249b34fd0f73adb7a571ae227e1f263afb6d1b3e05d045b0
SSDEEP

12288:xfbQLoWLHCfnsRxkgKtvrjQXyqvEjsYV12ms:dbLGHGn0xfCrquhV16

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2268	108	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 2268	108	3c3d6accc893efb3464b7510d6f72165.exe	27
PID 108 wrote to memory of 2268	108	3c3d6accc893efb3464b7510d6f72165.exe	27
PID 108 wrote to memory of 2268	108	3c3d6accc893efb3464b7510d6f72165.exe	27
PID 108 wrote to memory of 2268	108	3c3d6accc893efb3464b7510d6f72165.exe	27

C:\Users\Admin\AppData\Local\Temp\3c3d6accc893efb3464b7510d6f72165.exe
"C:\Users\Admin\AppData\Local\Temp\3c3d6accc893efb3464b7510d6f72165.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 140
  2⤵
  - Program crash
  PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/108-0-0x0000000000190000-0x00000000001D7000-memory.dmp

Filesize
284KB

Download
memory/108-1-0x0000000000190000-0x00000000001D7000-memory.dmp

Filesize
284KB

Download