14ecb7089554697a21a7fa9cb79c823f8202c961d436a8be0b5eeaffd6ea8084 | Triage

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 18:05

Sharing

Report Analysis Logs

General

Target

418e843385c2781ba22b8e19d01e4bbc.exe
Size

56KB
MD5

418e843385c2781ba22b8e19d01e4bbc
SHA1

5488ae257f8dac2d1becc1e1e311cd5c6db8ea4f
SHA256

14ecb7089554697a21a7fa9cb79c823f8202c961d436a8be0b5eeaffd6ea8084
SHA512

08b1651e91fcfdf1c23883230feaad126883ce8493abf1486a1c303b3ee682a36d3679f335369085c2d225355ddcd9b282294ff4b86d9d70df792a77c3522e62
SSDEEP

1536:Q6IGUb3cKzcq5Ms4nniWa04/jlpyR2IxTjwJmDev:QfGUbzcf1nnfa0ui/wM4

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2060	1948	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2060	1948	418e843385c2781ba22b8e19d01e4bbc.exe	28
PID 1948 wrote to memory of 2060	1948	418e843385c2781ba22b8e19d01e4bbc.exe	28
PID 1948 wrote to memory of 2060	1948	418e843385c2781ba22b8e19d01e4bbc.exe	28
PID 1948 wrote to memory of 2060	1948	418e843385c2781ba22b8e19d01e4bbc.exe	28

C:\Users\Admin\AppData\Local\Temp\418e843385c2781ba22b8e19d01e4bbc.exe
"C:\Users\Admin\AppData\Local\Temp\418e843385c2781ba22b8e19d01e4bbc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 36
  2⤵
  - Program crash
  PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads