53a596916b7a8ba8d8566fcc57f5bc13dc5b2b3d19c9bd88741df9282edbb28e | Triage

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-01-2024 23:42

Sharing

Report Analysis Logs

General

Target

3f54d36432698d95261a39cb3d7821ac.exe
Size

214KB
MD5

3f54d36432698d95261a39cb3d7821ac
SHA1

be09b4cb57f3bb796a0a82d8a90d4dc30e6b55ac
SHA256

53a596916b7a8ba8d8566fcc57f5bc13dc5b2b3d19c9bd88741df9282edbb28e
SHA512

356e68227973f6b1a295ab5dbb937ce1329f0cc272a80f96175c72b4994ef2dffcc8b8a3bcb0dbf37d224222d75532d0b72cfacadcaf5f86d47b2af6b8a4ec5a
SSDEEP

6144:cCDSiEWkd338sbuB913FcKnvkQgpnMt3r:P2iYas6B91VcKngmr

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2672	1820	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2672	1820	3f54d36432698d95261a39cb3d7821ac.exe	27
PID 1820 wrote to memory of 2672	1820	3f54d36432698d95261a39cb3d7821ac.exe	27
PID 1820 wrote to memory of 2672	1820	3f54d36432698d95261a39cb3d7821ac.exe	27
PID 1820 wrote to memory of 2672	1820	3f54d36432698d95261a39cb3d7821ac.exe	27

C:\Users\Admin\AppData\Local\Temp\3f54d36432698d95261a39cb3d7821ac.exe
"C:\Users\Admin\AppData\Local\Temp\3f54d36432698d95261a39cb3d7821ac.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 36
  2⤵
  - Program crash
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1820-0-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download