1e89ca200beb9cec2cd0faa2d2a90046146fe560c21fb40a1bf267187037f0ea | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 06:07

Sharing

Report Analysis Logs

General

Target

4016fcf9f98efd02f7dcca8d70855b34.exe
Size

13KB
MD5

4016fcf9f98efd02f7dcca8d70855b34
SHA1

a22ab1f34ab2c1a8f4fb8ad5ec36825974ce5594
SHA256

1e89ca200beb9cec2cd0faa2d2a90046146fe560c21fb40a1bf267187037f0ea
SHA512

ee87bb2ffccfddd2d533d6a00b42cdb59c67467d39107617f2850b63a09bf4b9d1134044f55099e00db82c67c3dad88d4931455be44917e4321892f43345490b
SSDEEP

384:aTnqcIEAKn7CwVCOEHs3Rh+UBsDu1uYAHY:aTjp97C1Wh+UBsDu1uxH

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2380 1360 WerFault.exe 4016fcf9f98efd02f7dcca8d70855b34.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

4016fcf9f98efd02f7dcca8d70855b34.exe

description	pid	process	target process
PID 1360 wrote to memory of 2380	1360	4016fcf9f98efd02f7dcca8d70855b34.exe	WerFault.exe
PID 1360 wrote to memory of 2380	1360	4016fcf9f98efd02f7dcca8d70855b34.exe	WerFault.exe
PID 1360 wrote to memory of 2380	1360	4016fcf9f98efd02f7dcca8d70855b34.exe	WerFault.exe
PID 1360 wrote to memory of 2380	1360	4016fcf9f98efd02f7dcca8d70855b34.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\4016fcf9f98efd02f7dcca8d70855b34.exe
"C:\Users\Admin\AppData\Local\Temp\4016fcf9f98efd02f7dcca8d70855b34.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 480
2⤵
- Program crash
PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1360-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download