f99c3cb1c8b1bbfd61dc86244936605bc777a2c2d2aa15d64e069ac04a393c3d | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 08:38

Sharing

Report Analysis Logs

General

Target

530ce49455b4b11dd3e963fbb2e2c2fb.exe
Size

109KB
MD5

530ce49455b4b11dd3e963fbb2e2c2fb
SHA1

2a51788f7b6d8871dadc0870a1adb24c93acb3a3
SHA256

f99c3cb1c8b1bbfd61dc86244936605bc777a2c2d2aa15d64e069ac04a393c3d
SHA512

8ac3945c51b4c146d33b9a3dcea28059641837694b40737cd3ec782e5baecf975395afae35456626e7339ce9db24433b83f03378d363063def142b1f76b72483
SSDEEP

3072:SD3Hl5JVSa4GhR+lbTlVd3c6h2o1DNo9:y3Xok+llLQoO

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1880	2236	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1880	2236	530ce49455b4b11dd3e963fbb2e2c2fb.exe	28
PID 2236 wrote to memory of 1880	2236	530ce49455b4b11dd3e963fbb2e2c2fb.exe	28
PID 2236 wrote to memory of 1880	2236	530ce49455b4b11dd3e963fbb2e2c2fb.exe	28
PID 2236 wrote to memory of 1880	2236	530ce49455b4b11dd3e963fbb2e2c2fb.exe	28

C:\Users\Admin\AppData\Local\Temp\530ce49455b4b11dd3e963fbb2e2c2fb.exe
"C:\Users\Admin\AppData\Local\Temp\530ce49455b4b11dd3e963fbb2e2c2fb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 148
  2⤵
  - Program crash
  PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads