a4fd88cb8697e97e4874a37af35d1b60e6c8e21540c032aa68f06885d5dfade2 | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 23:35

Sharing

Report Analysis Logs

General

Target

59b32bfc8d12f8404f348a6a48424016.exe
Size

76KB
MD5

59b32bfc8d12f8404f348a6a48424016
SHA1

83606c882bb8ab38e10ed8f074bc7c4bb216c4aa
SHA256

a4fd88cb8697e97e4874a37af35d1b60e6c8e21540c032aa68f06885d5dfade2
SHA512

15fee266a6ab024187dca17d5e2ee3ef2fff3cf20e32024afce1a1acc44b62d6e611af9c9c90819ccfbee38d45b0b6a1bb15367f715321a037c908182adfc180
SSDEEP

768:siaWr/+r83FCBVDRJDUl41Bp5wftcVH7KudELgWrL:siaW/73FC441BA2Vuudc73

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3056	3004	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3056	3004	59b32bfc8d12f8404f348a6a48424016.exe	28
PID 3004 wrote to memory of 3056	3004	59b32bfc8d12f8404f348a6a48424016.exe	28
PID 3004 wrote to memory of 3056	3004	59b32bfc8d12f8404f348a6a48424016.exe	28
PID 3004 wrote to memory of 3056	3004	59b32bfc8d12f8404f348a6a48424016.exe	28

C:\Users\Admin\AppData\Local\Temp\59b32bfc8d12f8404f348a6a48424016.exe
"C:\Users\Admin\AppData\Local\Temp\59b32bfc8d12f8404f348a6a48424016.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 148
  2⤵
  - Program crash
  PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads