99afa9c16b7605718edd84296724d46e20fd47f60589afd90cf4e9ad42a5e94f | Triage

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 05:40

Sharing

Report Analysis Logs

General

Target

4a9517d97abfff755e8712e34a63f81b.exe
Size

55KB
MD5

4a9517d97abfff755e8712e34a63f81b
SHA1

b294f458fa22e109f261e7e7bbe702fa8b633b44
SHA256

99afa9c16b7605718edd84296724d46e20fd47f60589afd90cf4e9ad42a5e94f
SHA512

6cf10c3ed38d17b6940d2c88115a2f79a4dc382d8a8ee1b973bc3de2f33e958c5e6a3d0701f136a26c7f1e448fdb9b209e7388d430204e5c7325634a4a2fa223
SSDEEP

1536:IQ+F7s/jIJQmkV7KNAvmthKsEaqfDl7dwBE6Evy:IHF7s/jIJQm7AeRE/lGzEa

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2752	2092	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2752	2092	4a9517d97abfff755e8712e34a63f81b.exe	17
PID 2092 wrote to memory of 2752	2092	4a9517d97abfff755e8712e34a63f81b.exe	17
PID 2092 wrote to memory of 2752	2092	4a9517d97abfff755e8712e34a63f81b.exe	17
PID 2092 wrote to memory of 2752	2092	4a9517d97abfff755e8712e34a63f81b.exe	17

C:\Users\Admin\AppData\Local\Temp\4a9517d97abfff755e8712e34a63f81b.exe
"C:\Users\Admin\AppData\Local\Temp\4a9517d97abfff755e8712e34a63f81b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 36
  2⤵
  - Program crash
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2092-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2092-2-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2092-1-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2092-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download