6c9a9c03b3ef5d7b94125fe916da31fe619557e4fe1f639e702e9ef6ea60a44f | Triage

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 22:01

Sharing

Report Analysis Logs

General

Target

47453ca224eafa0ce89a184ba17b92ae.exe
Size

3KB
MD5

47453ca224eafa0ce89a184ba17b92ae
SHA1

426407c673d5cb701859f49b57790ea66bf48978
SHA256

6c9a9c03b3ef5d7b94125fe916da31fe619557e4fe1f639e702e9ef6ea60a44f
SHA512

bfaeae6ee800b6d0ef3b60a705a9ddc257b24e79f8224f7cdb703cba7a40ec438dc2a399b213ef0685e5a6b9a68d8e6e09be99c4b80ec69c0e1d46a05b8f5cdc

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1900	2680	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 1900	2680	47453ca224eafa0ce89a184ba17b92ae.exe	28
PID 2680 wrote to memory of 1900	2680	47453ca224eafa0ce89a184ba17b92ae.exe	28
PID 2680 wrote to memory of 1900	2680	47453ca224eafa0ce89a184ba17b92ae.exe	28
PID 2680 wrote to memory of 1900	2680	47453ca224eafa0ce89a184ba17b92ae.exe	28

C:\Users\Admin\AppData\Local\Temp\47453ca224eafa0ce89a184ba17b92ae.exe
"C:\Users\Admin\AppData\Local\Temp\47453ca224eafa0ce89a184ba17b92ae.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 88
  2⤵
  - Program crash
  PID:1900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2680-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download