cd4b4566460611a2dfa75f755270d5b2f56edff3d50a9ef6be8b3c92728c46a3 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 12:29

Sharing

Report Analysis Logs

General

Target

out.exe
Size

3.9MB
MD5

c4d8f9d2ebe997ad21f9d5ad0d8ac31a
SHA1

0f7ac5007b73c608233d482cd8ad24ee3da734dc
SHA256

61033f4e5908e6f85058725d233205c4424814fb12154599cb6927b1968f3c78
SHA512

818284f998c31daf391cb5203bf396d66ae8159e303a0904c26650a61d30ea74225044b4b52f0fb727753e8851246aede5d75b4fbc6223e89e1926b323820796
SSDEEP

49152:gqgTYxi19Sl56EixSSvXl5/Jdmir6V2xL02Ul3Suynuw0zMAl9rurLc3Z:gqgWkQl5jYNQiGVgja3GLc

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2224	1716	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2224	1716	out.exe	14
PID 1716 wrote to memory of 2224	1716	out.exe	14
PID 1716 wrote to memory of 2224	1716	out.exe	14
PID 1716 wrote to memory of 2224	1716	out.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 36
1⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\out.exe
"C:\Users\Admin\AppData\Local\Temp\out.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads