760fc910db5bfcf2994caa1dbef7fa5d0eb40a06443fe075eb3f951880218c94 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 12:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

50900e1303951440013261f98a48dc5b.exe
Size

35KB
MD5

50900e1303951440013261f98a48dc5b
SHA1

a7387c34af5df450a9435f12b0731f3624192a92
SHA256

760fc910db5bfcf2994caa1dbef7fa5d0eb40a06443fe075eb3f951880218c94
SHA512

882e8283c75ed7c586f63f09d627f4ceefcadb41076045e769fbb54c9777272067f7dc95ac00aff57762438f3f56a6ce34dc029f16b96ecf74e5891b288a1341
SSDEEP

768:ABslAg9Su9UETSWGHaD09YKLkRqy0XI/O:dy8Sum0DOY+kIXz

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1616	1704	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1616	1704	50900e1303951440013261f98a48dc5b.exe	28
PID 1704 wrote to memory of 1616	1704	50900e1303951440013261f98a48dc5b.exe	28
PID 1704 wrote to memory of 1616	1704	50900e1303951440013261f98a48dc5b.exe	28
PID 1704 wrote to memory of 1616	1704	50900e1303951440013261f98a48dc5b.exe	28

C:\Users\Admin\AppData\Local\Temp\50900e1303951440013261f98a48dc5b.exe
"C:\Users\Admin\AppData\Local\Temp\50900e1303951440013261f98a48dc5b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 88
  2⤵
  - Program crash
  PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1704-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download