9ac3fea63cca0a82738523259da5141a10e4342f0a76c1bf53ae6b0d17a41f70 | Triage

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 23:03

Sharing

Report Analysis Logs

General

Target

4cb04d2535696ddd42f7641dca132b2c.exe
Size

17KB
MD5

4cb04d2535696ddd42f7641dca132b2c
SHA1

77a68276204d6836920a529bbc64d62d410de5df
SHA256

9ac3fea63cca0a82738523259da5141a10e4342f0a76c1bf53ae6b0d17a41f70
SHA512

315443848afec4b3393db20cbf12781a7d5abd798a68bad94947245282e89120c2e7f05950f9b7d8cd58e9bba956a3506e76e6ee01bdfb59202ebcb84b1af24f
SSDEEP

384:AhuqgwCYsDEyRE6OHf7W/rlplOMmMKvsapSwaeqUk:Y9gwClc6GopIMmXvsTb

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2628	2648	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2628	2648	4cb04d2535696ddd42f7641dca132b2c.exe	28
PID 2648 wrote to memory of 2628	2648	4cb04d2535696ddd42f7641dca132b2c.exe	28
PID 2648 wrote to memory of 2628	2648	4cb04d2535696ddd42f7641dca132b2c.exe	28
PID 2648 wrote to memory of 2628	2648	4cb04d2535696ddd42f7641dca132b2c.exe	28

C:\Users\Admin\AppData\Local\Temp\4cb04d2535696ddd42f7641dca132b2c.exe
"C:\Users\Admin\AppData\Local\Temp\4cb04d2535696ddd42f7641dca132b2c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 144
  2⤵
  - Program crash
  PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download