3296a761cf85516af9c7a221902ed855c70c700856eb8e8233a6a8e113bdd8d5 | Triage

Analysis

max time kernel
140s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 21:24

Sharing

Report Analysis Logs

General

Target

549e3209043022f653cd4e212d868b10.exe
Size

118KB
MD5

549e3209043022f653cd4e212d868b10
SHA1

3975ddc8ce349a8e23becf8c65af1b456508d712
SHA256

3296a761cf85516af9c7a221902ed855c70c700856eb8e8233a6a8e113bdd8d5
SHA512

48b6279ff4c8b4baf822b56d5a8f7faa28ccea8cead5917084bd316a64f2ff0a58c2ab2acc00d3610d83c94e3b97e5d50f4f4265892a26f8aac790721f2c9b70
SSDEEP

3072:0ULK1Bx+ov1P5IQwHLFTkDS9s39DiNNSsOk:1QBxUhiDsq

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2116	2436	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2116	2436	549e3209043022f653cd4e212d868b10.exe	19
PID 2436 wrote to memory of 2116	2436	549e3209043022f653cd4e212d868b10.exe	19
PID 2436 wrote to memory of 2116	2436	549e3209043022f653cd4e212d868b10.exe	19
PID 2436 wrote to memory of 2116	2436	549e3209043022f653cd4e212d868b10.exe	19

C:\Users\Admin\AppData\Local\Temp\549e3209043022f653cd4e212d868b10.exe
"C:\Users\Admin\AppData\Local\Temp\549e3209043022f653cd4e212d868b10.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 136
  2⤵
  - Program crash
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2436-0-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2436-1-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download