0bd5b5d90e4c37b796459ae5a4ca5f70501f20b39a84f980abd180774aed3bab | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 10:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5b08c66550e5ea251983f2dc852cf8aa.exe
Size

115KB
MD5

5b08c66550e5ea251983f2dc852cf8aa
SHA1

90b7e3a2c9d19f1782f278efdda28100496ef296
SHA256

0bd5b5d90e4c37b796459ae5a4ca5f70501f20b39a84f980abd180774aed3bab
SHA512

846f30eb059a61ed5ca0bf066d7fd10079d6ab64ed3fe1dcf9a3d51eb7c23d28802f81b5bf9709e8664d7ed1a6a2530903b6e1d9ae52f0aa969d7928dca78be7
SSDEEP

3072:7euZrCDP9awSCYgBBf2ZA3val2ZaBO6+POGYoCcF:HrCDP8wVYWQyCl2KN4fF

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2316	1632	WerFault.exe	20

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2316	1632	5b08c66550e5ea251983f2dc852cf8aa.exe	28
PID 1632 wrote to memory of 2316	1632	5b08c66550e5ea251983f2dc852cf8aa.exe	28
PID 1632 wrote to memory of 2316	1632	5b08c66550e5ea251983f2dc852cf8aa.exe	28
PID 1632 wrote to memory of 2316	1632	5b08c66550e5ea251983f2dc852cf8aa.exe	28

C:\Users\Admin\AppData\Local\Temp\5b08c66550e5ea251983f2dc852cf8aa.exe
"C:\Users\Admin\AppData\Local\Temp\5b08c66550e5ea251983f2dc852cf8aa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 92
  2⤵
  - Program crash
  PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1632-0-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download