86262efe611b03bec13c083423333a509b301b1ba86a64b07b7a918743038ccc | Triage

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 19:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

65d3cb2ccf4688f4610d6287a22f1134.exe
Size

66KB
MD5

65d3cb2ccf4688f4610d6287a22f1134
SHA1

53cbb2c91036eacaf59f2ffbfca7c0d629a9ca79
SHA256

86262efe611b03bec13c083423333a509b301b1ba86a64b07b7a918743038ccc
SHA512

d8d22e05846150421a6b13746a9d8f3dbc20220280b099f78d720b61724adf39bc8d5497a88983935ed980052cc5516171936297532b4a663c4c88024653f46f
SSDEEP

1536:wLkEqFY6xgFoB7qUbMUtatrMaOqSvryicFYFQe+:omYc4zMcSvr6YFQe+

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2036	1664	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2036	1664	65d3cb2ccf4688f4610d6287a22f1134.exe	28
PID 1664 wrote to memory of 2036	1664	65d3cb2ccf4688f4610d6287a22f1134.exe	28
PID 1664 wrote to memory of 2036	1664	65d3cb2ccf4688f4610d6287a22f1134.exe	28
PID 1664 wrote to memory of 2036	1664	65d3cb2ccf4688f4610d6287a22f1134.exe	28

C:\Users\Admin\AppData\Local\Temp\65d3cb2ccf4688f4610d6287a22f1134.exe
"C:\Users\Admin\AppData\Local\Temp\65d3cb2ccf4688f4610d6287a22f1134.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 44
  2⤵
  - Program crash
  PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-0-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download