8b3dd09d9accd8f83aecc996b541acf781ed3047a40bf165d0f02f4518f0550c | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 03:42 UTC

Sharing

Report Analysis Logs

General

Target

4530ab42c2dc8afbbfeafc0e7077cccf.exe
Size

44KB
MD5

4530ab42c2dc8afbbfeafc0e7077cccf
SHA1

aad4e817cd0833236552e08931c6f7178f9d12a4
SHA256

8b3dd09d9accd8f83aecc996b541acf781ed3047a40bf165d0f02f4518f0550c
SHA512

418db00b47d7296fa8d74023795b938827b8b48a3d6eca62a3e3dd74971a7c88e5286c5ecc0d26056e70566b0155e5e76124f10de6cb0a23a6f3bacd02b8ea9c
SSDEEP

768:hhDogKFdFTC3vmj42nhm9EMentULjZCOPqgzdpV+:rXG/Qvmj42hm6MentkcOP5p

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2372	1972	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2372	1972	4530ab42c2dc8afbbfeafc0e7077cccf.exe	14
PID 1972 wrote to memory of 2372	1972	4530ab42c2dc8afbbfeafc0e7077cccf.exe	14
PID 1972 wrote to memory of 2372	1972	4530ab42c2dc8afbbfeafc0e7077cccf.exe	14
PID 1972 wrote to memory of 2372	1972	4530ab42c2dc8afbbfeafc0e7077cccf.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 136
1⤵
- Program crash
PID:2372

C:\Users\Admin\AppData\Local\Temp\4530ab42c2dc8afbbfeafc0e7077cccf.exe
"C:\Users\Admin\AppData\Local\Temp\4530ab42c2dc8afbbfeafc0e7077cccf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download