32d523284aa97113b16f1856f25fed71b87ece771b2e62b831edd5290a38d2b0 | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 15:21

Sharing

Report Analysis Logs

General

Target

4bc8a6332f212e3c24fba1463b875f29.exe
Size

66KB
MD5

4bc8a6332f212e3c24fba1463b875f29
SHA1

fd5e1a526a9ac39c07790c59fbe379b9e485614f
SHA256

32d523284aa97113b16f1856f25fed71b87ece771b2e62b831edd5290a38d2b0
SHA512

add4ecb36fb51ca96008b27d8bc3ff105faf670e04d570163777d0a4468b83cfa28e90381102e3841de73d1f7eec96a6969f342b1c0111310a9ec1a61491ff66
SSDEEP

1536:XimT+BUqz0K7UeBHG6/dQ+Zn6jZz3X7yvuFqJxxVfBd:jSBbASf/e/bLykG1fL

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1052	1984	WerFault.exe	7

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1052	1984	4bc8a6332f212e3c24fba1463b875f29.exe	28
PID 1984 wrote to memory of 1052	1984	4bc8a6332f212e3c24fba1463b875f29.exe	28
PID 1984 wrote to memory of 1052	1984	4bc8a6332f212e3c24fba1463b875f29.exe	28
PID 1984 wrote to memory of 1052	1984	4bc8a6332f212e3c24fba1463b875f29.exe	28

C:\Users\Admin\AppData\Local\Temp\4bc8a6332f212e3c24fba1463b875f29.exe
"C:\Users\Admin\AppData\Local\Temp\4bc8a6332f212e3c24fba1463b875f29.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 36
  2⤵
  - Program crash
  PID:1052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1984-0-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download