73f68ec36f481f2c0ac0dcac9d27c9361f47ce7640b1f7879194ed6e467a3930 | Triage

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 11:03

Sharing

Report Analysis Logs

General

Target

40b037cb93392ff45bddeaf3a710bfd5.exe
Size

26KB
MD5

40b037cb93392ff45bddeaf3a710bfd5
SHA1

36fa24ba3de7344f1aaadf815512b83328b37bb1
SHA256

73f68ec36f481f2c0ac0dcac9d27c9361f47ce7640b1f7879194ed6e467a3930
SHA512

bedebb89c5f12ad7194347e9dd904ac657da8bb65783ec0bf4903586d9902f95c4f40d8f198997d1751dfc77ab0feb56ff1aa6e0f322637260e1f8294d528372
SSDEEP

768:/YgFVjCrOvfIB606qtiHfh8j8oTGReAP+rrlT95/W:/YgTFYqqoHfh0bGRsrrlK

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2776	1052	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 2776	1052	40b037cb93392ff45bddeaf3a710bfd5.exe	28
PID 1052 wrote to memory of 2776	1052	40b037cb93392ff45bddeaf3a710bfd5.exe	28
PID 1052 wrote to memory of 2776	1052	40b037cb93392ff45bddeaf3a710bfd5.exe	28
PID 1052 wrote to memory of 2776	1052	40b037cb93392ff45bddeaf3a710bfd5.exe	28

C:\Users\Admin\AppData\Local\Temp\40b037cb93392ff45bddeaf3a710bfd5.exe
"C:\Users\Admin\AppData\Local\Temp\40b037cb93392ff45bddeaf3a710bfd5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 36
  2⤵
  - Program crash
  PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1052-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1052-1-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download