a6eb4c687024d971de26373bf065b47f68cc0e148cf54b329a5e3014cbbee52f | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 12:22

Sharing

Report Analysis Logs

General

Target

43ac9b51f40c45efc3a231c3a59891b2.exe
Size

4.1MB
MD5

43ac9b51f40c45efc3a231c3a59891b2
SHA1

4f46cdbe02b6fccb1ae414ddaf29831a0f744708
SHA256

a6eb4c687024d971de26373bf065b47f68cc0e148cf54b329a5e3014cbbee52f
SHA512

b9572f7e7a7556e13a75b5456bc3c34e072bcee9d3a40eacd408063be03c1abf54656e2a3c1adafa3440e8258fa70b72f2b037680354e6db47918c1aa2680a6f
SSDEEP

98304:Rio/y82UXCFzuAyXTRTFTD/Ioq17q+YcaS/qrIaW:RiO6zu5XVRIoq8+z7BaW

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2404	1564	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 2404	1564	43ac9b51f40c45efc3a231c3a59891b2.exe	28
PID 1564 wrote to memory of 2404	1564	43ac9b51f40c45efc3a231c3a59891b2.exe	28
PID 1564 wrote to memory of 2404	1564	43ac9b51f40c45efc3a231c3a59891b2.exe	28
PID 1564 wrote to memory of 2404	1564	43ac9b51f40c45efc3a231c3a59891b2.exe	28

C:\Users\Admin\AppData\Local\Temp\43ac9b51f40c45efc3a231c3a59891b2.exe
"C:\Users\Admin\AppData\Local\Temp\43ac9b51f40c45efc3a231c3a59891b2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 128
  2⤵
  - Program crash
  PID:2404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads