667bba255beb1de2692853d692d06df5ce6421f07d81979d9fc3a654db591f77 | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 00:46

Sharing

Report Analysis Logs

General

Target

578a9aecf5f99d9b2b04f2aad325811b.exe
Size

56KB
MD5

578a9aecf5f99d9b2b04f2aad325811b
SHA1

e7c10d3e027e48ef6fff77760b4bc41fda09fd5f
SHA256

667bba255beb1de2692853d692d06df5ce6421f07d81979d9fc3a654db591f77
SHA512

5212af3c3dfbb45bee4b7565d05b44acb89805aba8cef333436fd0fe06102194b6246ba57caa8b20b73a503c67a1ab45f66c70c3f748e520a62ba64f7a5b84c8
SSDEEP

768:B1ZXC/bZCJrRvy5yH9xsK0df/sBoTe+bs+i:dcigK0dl

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2196	2208	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2196	2208	578a9aecf5f99d9b2b04f2aad325811b.exe	28
PID 2208 wrote to memory of 2196	2208	578a9aecf5f99d9b2b04f2aad325811b.exe	28
PID 2208 wrote to memory of 2196	2208	578a9aecf5f99d9b2b04f2aad325811b.exe	28
PID 2208 wrote to memory of 2196	2208	578a9aecf5f99d9b2b04f2aad325811b.exe	28

C:\Users\Admin\AppData\Local\Temp\578a9aecf5f99d9b2b04f2aad325811b.exe
"C:\Users\Admin\AppData\Local\Temp\578a9aecf5f99d9b2b04f2aad325811b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 148
  2⤵
  - Program crash
  PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download