cdd8b8f23dca64836aa8230e90e940711bc13b8545ff0d1436cdfe449cdafc63 | Triage

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 02:52

Sharing

Report Analysis Logs

General

Target

55486a073e3735536940866ad18ed018.exe
Size

34KB
MD5

55486a073e3735536940866ad18ed018
SHA1

01701aea22201da7dc7f2a63653903a27c960fe2
SHA256

cdd8b8f23dca64836aa8230e90e940711bc13b8545ff0d1436cdfe449cdafc63
SHA512

780f9e41b97ec773f93787a113dd939d532935316d315fa8b75e8762facc3ab1310e9c7c959d6a8041dedcb79d06c9aabe534403454ed4d59413386ef12288ab
SSDEEP

768:ZE89oJkP/FCiMyjuFLiacrIDXpJLO/87+hdyfdJ:6n6xupcrIDXp9OQ+if

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2748	2316	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2748	2316	55486a073e3735536940866ad18ed018.exe	16
PID 2316 wrote to memory of 2748	2316	55486a073e3735536940866ad18ed018.exe	16
PID 2316 wrote to memory of 2748	2316	55486a073e3735536940866ad18ed018.exe	16
PID 2316 wrote to memory of 2748	2316	55486a073e3735536940866ad18ed018.exe	16

C:\Users\Admin\AppData\Local\Temp\55486a073e3735536940866ad18ed018.exe
"C:\Users\Admin\AppData\Local\Temp\55486a073e3735536940866ad18ed018.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 88
  2⤵
  - Program crash
  PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2316-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download