0384fa88c4a140e39007a964f2ab8f9e05d9e9ff7155cb217a6fdc3e29df49f5 | Triage

Analysis

max time kernel
153s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 14:47

Sharing

Report Analysis Logs

General

Target

43f41104c208520cf9e246e9330c9702.exe
Size

69KB
MD5

43f41104c208520cf9e246e9330c9702
SHA1

8d47ec73f05c7634ce0c977dd37e3c12c1d46eab
SHA256

0384fa88c4a140e39007a964f2ab8f9e05d9e9ff7155cb217a6fdc3e29df49f5
SHA512

67dcc5714fa50236960e84573540a636a83c51b9c9ecf4624a6536b12cf2a0de213eb75a86620a725e89b9869aef01ff59ce6a53a88b74d937cf14dc8cf068d9
SSDEEP

1536:dCxg9+5Tf9uDNSQ85GdSu6fvcHUQXlfGGF9K0:f9+ZfYBMGdSu60HUSfGGFE0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2672	2400	WerFault.exe	7

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2672	2400	43f41104c208520cf9e246e9330c9702.exe	27
PID 2400 wrote to memory of 2672	2400	43f41104c208520cf9e246e9330c9702.exe	27
PID 2400 wrote to memory of 2672	2400	43f41104c208520cf9e246e9330c9702.exe	27
PID 2400 wrote to memory of 2672	2400	43f41104c208520cf9e246e9330c9702.exe	27

C:\Users\Admin\AppData\Local\Temp\43f41104c208520cf9e246e9330c9702.exe
"C:\Users\Admin\AppData\Local\Temp\43f41104c208520cf9e246e9330c9702.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 88
  2⤵
  - Program crash
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2400-0-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2400-1-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download