e31fea169d7931948b5b444418bf375a47043235c1c7d74212f049963b85cd97 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 01:28

Sharing

Report Analysis Logs

General

Target

59eab4961e3424f1f9c263a533f92f31.exe
Size

416KB
MD5

59eab4961e3424f1f9c263a533f92f31
SHA1

1ab0bf58bd887e4190943ecae0025659b23f67d9
SHA256

e31fea169d7931948b5b444418bf375a47043235c1c7d74212f049963b85cd97
SHA512

f7585f64268ba21be8fd1c61b6ffa5dd9bf006f437702188e2fc6c9e25eb185c55782e92634e373ac3474267916eb33e87d335ce36fc4514aaaf7981b530bd50
SSDEEP

6144:z5+D7gBPTc/bSUkWb0/N+hKBdCPQHNB91QJptQfZK6:MKICWbMtB1WYh

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3028	2980	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 3028	2980	59eab4961e3424f1f9c263a533f92f31.exe	28
PID 2980 wrote to memory of 3028	2980	59eab4961e3424f1f9c263a533f92f31.exe	28
PID 2980 wrote to memory of 3028	2980	59eab4961e3424f1f9c263a533f92f31.exe	28
PID 2980 wrote to memory of 3028	2980	59eab4961e3424f1f9c263a533f92f31.exe	28

C:\Users\Admin\AppData\Local\Temp\59eab4961e3424f1f9c263a533f92f31.exe
"C:\Users\Admin\AppData\Local\Temp\59eab4961e3424f1f9c263a533f92f31.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 144
  2⤵
  - Program crash
  PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-0-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download