e0c22e4dbe66e76dc2dc2808c44dd3d8a3cab4092b2d088c92b2332ea5e8d71f | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 20:11

Sharing

Report Analysis Logs

General

Target

41cd816b2b887f328f3adcdaa374bdf8.exe
Size

126KB
MD5

41cd816b2b887f328f3adcdaa374bdf8
SHA1

2fd282e39ea3a4c4643e00ae81cd49b84c89dac6
SHA256

e0c22e4dbe66e76dc2dc2808c44dd3d8a3cab4092b2d088c92b2332ea5e8d71f
SHA512

8e5aec6c5757ea44ec19fd04c9e2e36563512ea5839c6c8f956a3c099a71cada14bf13fb3da41d1254ac8dc3303f9d80e0c4c6d332bbd0947deb228476fd123a
SSDEEP

3072:sC3WdV21Cil4oKNYjnfYGe64ABbfo48mIIjEPlu:sp721Cxo4YjfmObJMyEPlu

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2056	2872	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2056	2872	41cd816b2b887f328f3adcdaa374bdf8.exe	20
PID 2872 wrote to memory of 2056	2872	41cd816b2b887f328f3adcdaa374bdf8.exe	20
PID 2872 wrote to memory of 2056	2872	41cd816b2b887f328f3adcdaa374bdf8.exe	20
PID 2872 wrote to memory of 2056	2872	41cd816b2b887f328f3adcdaa374bdf8.exe	20

C:\Users\Admin\AppData\Local\Temp\41cd816b2b887f328f3adcdaa374bdf8.exe
"C:\Users\Admin\AppData\Local\Temp\41cd816b2b887f328f3adcdaa374bdf8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 36
  2⤵
  - Program crash
  PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2872-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2872-1-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download