5f11ce3ada915906b73d710e30d752f03bd74dcb52d30f1233d014e7a40c1171 | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 08:35

Sharing

Report Analysis Logs

General

Target

587860bceb507173960369f53bb5924a.exe
Size

34KB
MD5

587860bceb507173960369f53bb5924a
SHA1

f4de47e321e6b053e531b3782b7e2f9b1d7b83b9
SHA256

5f11ce3ada915906b73d710e30d752f03bd74dcb52d30f1233d014e7a40c1171
SHA512

9e676afbae960b4286fcd5c1de5660e7e8f79a37797a54da2fb3be26384397daf4468789a9c3eda00f6876729c9d5274b314d4e393b128f2ba1c24e56f3e29df
SSDEEP

768:Zjh7TzTBziifTeiZSVWihwEEnh0L7uTLeNfQfIOjks:1Z/nEEh8uTKNcks

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3008	2260	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 3008	2260	587860bceb507173960369f53bb5924a.exe	28
PID 2260 wrote to memory of 3008	2260	587860bceb507173960369f53bb5924a.exe	28
PID 2260 wrote to memory of 3008	2260	587860bceb507173960369f53bb5924a.exe	28
PID 2260 wrote to memory of 3008	2260	587860bceb507173960369f53bb5924a.exe	28

C:\Users\Admin\AppData\Local\Temp\587860bceb507173960369f53bb5924a.exe
"C:\Users\Admin\AppData\Local\Temp\587860bceb507173960369f53bb5924a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 88
  2⤵
  - Program crash
  PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2260-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download