3d7f81b11b2601f2416383abb59cb3acf9c38786ad1885c836fbecc3121167b2 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 15:23

Sharing

Report Analysis Logs

General

Target

50ec8a05033acca98eadaf82066c1789.exe
Size

28KB
MD5

50ec8a05033acca98eadaf82066c1789
SHA1

84a15026562ab783ffe4796b3931b4bff43f87d0
SHA256

3d7f81b11b2601f2416383abb59cb3acf9c38786ad1885c836fbecc3121167b2
SHA512

993235273b6325a1ffbf22e9b3c0021dc3cfb64b73d05be9d2acb5f753efd780a75c5e73d54c7f74ba1e30fa9f7281ac8a9e3a52142b787f05e70658d207b588
SSDEEP

384:RXIc8R65eT4No1KEjhMRXKRgDGST0sEL:RswMT4KjhGDr1

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
2912	3044	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2912	3044	50ec8a05033acca98eadaf82066c1789.exe	16
PID 3044 wrote to memory of 2912	3044	50ec8a05033acca98eadaf82066c1789.exe	16
PID 3044 wrote to memory of 2912	3044	50ec8a05033acca98eadaf82066c1789.exe	16
PID 3044 wrote to memory of 2912	3044	50ec8a05033acca98eadaf82066c1789.exe	16

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 144
1⤵
- Program crash
PID:2912

C:\Users\Admin\AppData\Local\Temp\50ec8a05033acca98eadaf82066c1789.exe
"C:\Users\Admin\AppData\Local\Temp\50ec8a05033acca98eadaf82066c1789.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3044-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download