b5b53c7954b7ad9dc589b97201608d8e244ba4dba2ec6135b93de8db24c70abd | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 10:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4e033a679305a70d782b78f142d8362e.exe
Size

15KB
MD5

4e033a679305a70d782b78f142d8362e
SHA1

5039d163abed8bd72c78963be9e87bd00499ebd7
SHA256

b5b53c7954b7ad9dc589b97201608d8e244ba4dba2ec6135b93de8db24c70abd
SHA512

ada6561ca6c569ada56c52a3d3a57ca271aee4e0c19da00b7218383f37029e775004354e92ae4023fe117c17fa7cf94f4cbe30d54cf027ed4b11429639654e04
SSDEEP

384:IEnYHc7M137v9X0Vj0A1EocPK2iJ8uPA7N1o:IEYHc7A37lX0SoEoc5un

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2064	3020	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2064	3020	4e033a679305a70d782b78f142d8362e.exe	28
PID 3020 wrote to memory of 2064	3020	4e033a679305a70d782b78f142d8362e.exe	28
PID 3020 wrote to memory of 2064	3020	4e033a679305a70d782b78f142d8362e.exe	28
PID 3020 wrote to memory of 2064	3020	4e033a679305a70d782b78f142d8362e.exe	28

C:\Users\Admin\AppData\Local\Temp\4e033a679305a70d782b78f142d8362e.exe
"C:\Users\Admin\AppData\Local\Temp\4e033a679305a70d782b78f142d8362e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 88
  2⤵
  - Program crash
  PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3020-0-0x0000000000400000-0x000000000040CCD2-memory.dmp

Filesize
51KB

Download
memory/3020-1-0x0000000000400000-0x000000000040CCD2-memory.dmp

Filesize
51KB

Download