dd5d35fc19a56fb3d2d1917881e174243c932fd96e5a4f3995f37b9dcda139e5 | Triage

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 12:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4b764b551a87339667f4cc56a92e3888.exe
Size

354KB
MD5

4b764b551a87339667f4cc56a92e3888
SHA1

efc85841acca5a3cfed76244d7d28dc5e34a475c
SHA256

dd5d35fc19a56fb3d2d1917881e174243c932fd96e5a4f3995f37b9dcda139e5
SHA512

932a7712a92d59ea4c66ffa5f9bc7ec590a436139adddb28fe494a7505898353d6362cc285cfa4eeef8e5b28b041f88532fb132ca7dbdb6dc3aebf6756ce058f
SSDEEP

6144:fb1EPc/MKqz0NqBXD2L+XX3N5myYM78wBgPSsa8N3:f6zz0N4D2LY5957NC53

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2992	2936	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2992	2936	4b764b551a87339667f4cc56a92e3888.exe	14
PID 2936 wrote to memory of 2992	2936	4b764b551a87339667f4cc56a92e3888.exe	14
PID 2936 wrote to memory of 2992	2936	4b764b551a87339667f4cc56a92e3888.exe	14
PID 2936 wrote to memory of 2992	2936	4b764b551a87339667f4cc56a92e3888.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 88
1⤵
- Program crash
PID:2992

C:\Users\Admin\AppData\Local\Temp\4b764b551a87339667f4cc56a92e3888.exe
"C:\Users\Admin\AppData\Local\Temp\4b764b551a87339667f4cc56a92e3888.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2936-0-0x0000000000400000-0x00000000004B7016-memory.dmp

Filesize
732KB

Download