355dc4adaf2368f0e4dd306a8840dc0d2ff0e9c0768d0974b2f13ae3737a6168 | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 12:31

Sharing

Report Analysis Logs

General

Target

out.exe
Size

3.0MB
MD5

f2d895ce3167efb3ad556c38dc51f1f7
SHA1

54ba4af15c785e76bde958f89cc13accbb03ad15
SHA256

ca6f11f858b378d959b99fea0edc4d89d0340bbcbc79e9829bb82072cb5bc0c7
SHA512

df207645f5e565f0030842938f7d4a45b7b3751499871e9bab79fe1a25697e0721e49fee7aad6295509e45c2a0534a562cee97a47e1621bb06a526031d7bd7bf
SSDEEP

49152:9egAQ+Yg8sxmXXxQjiQspGXtwB0pnk57TosNjLSq6Pq3Ecv9dsiPTg3pg1:9egAQ+YBQeQVmB0pni7TosNKq6adsi

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1112 2056 WerFault.exe out.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

out.exe

description	pid	process	target process
PID 2056 wrote to memory of 1112	2056	out.exe	WerFault.exe
PID 2056 wrote to memory of 1112	2056	out.exe	WerFault.exe
PID 2056 wrote to memory of 1112	2056	out.exe	WerFault.exe
PID 2056 wrote to memory of 1112	2056	out.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\out.exe
"C:\Users\Admin\AppData\Local\Temp\out.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 36
2⤵
- Program crash
PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads