026fd0d6222bdc69a9e122070503c54ccedb41e5cb2ed25f1c322ce2089b69bd | Triage

Analysis

max time kernel
140s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 10:19

Sharing

Report Analysis Logs

General

Target

53410845688ea45527967c26844ffcbd.exe
Size

51KB
MD5

53410845688ea45527967c26844ffcbd
SHA1

45c834d651d7acf80eb44296efeb738de0edf63d
SHA256

026fd0d6222bdc69a9e122070503c54ccedb41e5cb2ed25f1c322ce2089b69bd
SHA512

ed499521deb3b941a37f694bcdf1fa685bb0167367b039823a5f546bf7902cea9d3e16d4b0a85508cd234a2b54e336599034fbeabb9760c59644366cae4c4d5c
SSDEEP

1536:Rda/y/g+qZqrWlhpe8XwHb8zOKch+0uJ6Jug:+oglYrWnkOI8yhru9g

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2524	2800	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2524	2800	53410845688ea45527967c26844ffcbd.exe	15
PID 2800 wrote to memory of 2524	2800	53410845688ea45527967c26844ffcbd.exe	15
PID 2800 wrote to memory of 2524	2800	53410845688ea45527967c26844ffcbd.exe	15
PID 2800 wrote to memory of 2524	2800	53410845688ea45527967c26844ffcbd.exe	15

C:\Users\Admin\AppData\Local\Temp\53410845688ea45527967c26844ffcbd.exe
"C:\Users\Admin\AppData\Local\Temp\53410845688ea45527967c26844ffcbd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 96
  2⤵
  - Program crash
  PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2800-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download