2ff82131dedd3b462649bf5375dfbbe61bc01881ed2dad5e0b9072932565d4a0 | Triage

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 22:49

Sharing

Report Analysis Logs

General

Target

599ccdf384ef6c92c89012b5064e2cb2.exe
Size

444KB
MD5

599ccdf384ef6c92c89012b5064e2cb2
SHA1

ace96d6ea39821c2eae043aaba729fdbce96d115
SHA256

2ff82131dedd3b462649bf5375dfbbe61bc01881ed2dad5e0b9072932565d4a0
SHA512

05fc964ea363caf0fd74cd378a43be0ff64e02be56fab859ffa243c7b15b68fc81156d9d3dc1854e314f09902f263da183bd050ddb08655a6853728449ab57cc
SSDEEP

6144:/6tSLWZgVL3754EUZmfI3z+wGA1oAtZWJP56Pz:CHZ4b754EUZLz+SCA6Pkz

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2624	2828	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2624	2828	599ccdf384ef6c92c89012b5064e2cb2.exe	28
PID 2828 wrote to memory of 2624	2828	599ccdf384ef6c92c89012b5064e2cb2.exe	28
PID 2828 wrote to memory of 2624	2828	599ccdf384ef6c92c89012b5064e2cb2.exe	28
PID 2828 wrote to memory of 2624	2828	599ccdf384ef6c92c89012b5064e2cb2.exe	28

C:\Users\Admin\AppData\Local\Temp\599ccdf384ef6c92c89012b5064e2cb2.exe
"C:\Users\Admin\AppData\Local\Temp\599ccdf384ef6c92c89012b5064e2cb2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 120
  2⤵
  - Program crash
  PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2828-0-0x0000000000BA0000-0x0000000000C12000-memory.dmp

Filesize
456KB

Download