16aafece81f8bd44091d861b423e7777f1ba6a75a2649f4a62e8ffe29f69bab9 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 00:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6666a18c817b453dbffbab955cfdb49e.exe
Size

251KB
MD5

6666a18c817b453dbffbab955cfdb49e
SHA1

2612641083889ffc181c617fbef68a493d355b61
SHA256

16aafece81f8bd44091d861b423e7777f1ba6a75a2649f4a62e8ffe29f69bab9
SHA512

ec9a1b756be7ae718e7aa056b3c8ce6f949c76ec6182dd05ec2ebf6842715a7395df5672c201e0144a66433049169a9d6043764dd3159c3d4fb6ade48ad8e795
SSDEEP

6144:uzIkNj+hSaJmZs9rrALXqo1jmUZxL6xQGQXK3M:u8k5+hSGmZs9ELXqs76GK

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1708	2344	WerFault.exe	16

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 1708	2344	6666a18c817b453dbffbab955cfdb49e.exe	28
PID 2344 wrote to memory of 1708	2344	6666a18c817b453dbffbab955cfdb49e.exe	28
PID 2344 wrote to memory of 1708	2344	6666a18c817b453dbffbab955cfdb49e.exe	28
PID 2344 wrote to memory of 1708	2344	6666a18c817b453dbffbab955cfdb49e.exe	28
PID 2344 wrote to memory of 1708	2344	6666a18c817b453dbffbab955cfdb49e.exe	28
PID 2344 wrote to memory of 1708	2344	6666a18c817b453dbffbab955cfdb49e.exe	28
PID 2344 wrote to memory of 1708	2344	6666a18c817b453dbffbab955cfdb49e.exe	28

C:\Users\Admin\AppData\Local\Temp\6666a18c817b453dbffbab955cfdb49e.exe
"C:\Users\Admin\AppData\Local\Temp\6666a18c817b453dbffbab955cfdb49e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 264
  2⤵
  - Program crash
  PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2344-0-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2344-1-0x0000000000240000-0x00000000002B1000-memory.dmp

Filesize
452KB

Download
memory/2344-2-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download