fb4ac4f07e1140cd042aae9e30b8a3d2fdec220e63b87e2222414dcd004e206f | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 23:10

Sharing

Report Analysis Logs

General

Target

4cb2aa674bda76a0dafed2a96afbcadb.exe
Size

56KB
MD5

4cb2aa674bda76a0dafed2a96afbcadb
SHA1

e5195f114d22f6c1e0d98312c245f34db205e609
SHA256

fb4ac4f07e1140cd042aae9e30b8a3d2fdec220e63b87e2222414dcd004e206f
SHA512

f5def42a948ecfe584cd9a0bd940c6facee32f210f4eaf712a2ad1128e7c89fddbfd1a89b4bc1daf16432e28b1558b1ea3741b9d902f0a18683231de3bd1dfe5
SSDEEP

768:CZXC/bZCJrRvy5yH9xsK0df/sBoTe+bsWV49IFNiU:2cigK0dPJFNz

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2248	1644	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2248	1644	4cb2aa674bda76a0dafed2a96afbcadb.exe	14
PID 1644 wrote to memory of 2248	1644	4cb2aa674bda76a0dafed2a96afbcadb.exe	14
PID 1644 wrote to memory of 2248	1644	4cb2aa674bda76a0dafed2a96afbcadb.exe	14
PID 1644 wrote to memory of 2248	1644	4cb2aa674bda76a0dafed2a96afbcadb.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 144
1⤵
- Program crash
PID:2248

C:\Users\Admin\AppData\Local\Temp\4cb2aa674bda76a0dafed2a96afbcadb.exe
"C:\Users\Admin\AppData\Local\Temp\4cb2aa674bda76a0dafed2a96afbcadb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1644-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download