4543a992afdc1b7873c962349cf072a7d4bc118a77b94111825395e4243e5bc7 | Triage

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 20:19

Sharing

Report Analysis Logs

General

Target

47182c63e677f0018bea89b5f5b53ce5.exe
Size

100KB
MD5

47182c63e677f0018bea89b5f5b53ce5
SHA1

29c870d4901d3dd0a843ae0d3501846c6d3dd476
SHA256

4543a992afdc1b7873c962349cf072a7d4bc118a77b94111825395e4243e5bc7
SHA512

e0cacc4cb1e928aa1d1bd25e225a694da2a845b86c821a19aef511fffb062e579c412050c5fa69211c815994cbd1ac73c2aa4e4fad07431a7f891f678abea6f3
SSDEEP

1536:VDYhdrIG7uJAIVcj5BnHT4mJLvgqwD91edrFC5tWO:VylIG7of0HFwD91edrSU

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2200	1696	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2200	1696	47182c63e677f0018bea89b5f5b53ce5.exe	28
PID 1696 wrote to memory of 2200	1696	47182c63e677f0018bea89b5f5b53ce5.exe	28
PID 1696 wrote to memory of 2200	1696	47182c63e677f0018bea89b5f5b53ce5.exe	28
PID 1696 wrote to memory of 2200	1696	47182c63e677f0018bea89b5f5b53ce5.exe	28

C:\Users\Admin\AppData\Local\Temp\47182c63e677f0018bea89b5f5b53ce5.exe
"C:\Users\Admin\AppData\Local\Temp\47182c63e677f0018bea89b5f5b53ce5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 88
  2⤵
  - Program crash
  PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1696-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download