1c0355a301606e5b2bc3367e79f43b9820fb49bf52a607d910d4d2d2a33fefb8 | Triage

Analysis

max time kernel
144s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-01-2024 12:38

Sharing

Report Analysis Logs

General

Target

5b424f08f99ee3d4a5614e96e987998f.exe
Size

64KB
MD5

5b424f08f99ee3d4a5614e96e987998f
SHA1

b1b520075c8873b52b70c34b4e9c620899014588
SHA256

1c0355a301606e5b2bc3367e79f43b9820fb49bf52a607d910d4d2d2a33fefb8
SHA512

3cc157da38ac211050b9b4c380522f98f5187df63777f0e99edbc8f3e530c12fc26feabfebcf5f6a507cca867aced76dbf94b310166b0d59852bb84669aa6f95
SSDEEP

1536:VBI+KApiJ90z1QsbO5Gg2CIp6ST12LMmPsBMu/H1:VzKAqI125Gg2CIiZPaN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2084	2080	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2084	2080	5b424f08f99ee3d4a5614e96e987998f.exe	28
PID 2080 wrote to memory of 2084	2080	5b424f08f99ee3d4a5614e96e987998f.exe	28
PID 2080 wrote to memory of 2084	2080	5b424f08f99ee3d4a5614e96e987998f.exe	28
PID 2080 wrote to memory of 2084	2080	5b424f08f99ee3d4a5614e96e987998f.exe	28

C:\Users\Admin\AppData\Local\Temp\5b424f08f99ee3d4a5614e96e987998f.exe
"C:\Users\Admin\AppData\Local\Temp\5b424f08f99ee3d4a5614e96e987998f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 140
  2⤵
  - Program crash
  PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2080-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2080-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download