c7973bb3f903a9fab338224261dd3a9e487482f66cbf52d702f4a65019f2c8ae | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 00:13

Sharing

Report Analysis Logs

General

Target

6666b94269ffeebce20e986c5e9e33f0.exe
Size

59KB
MD5

6666b94269ffeebce20e986c5e9e33f0
SHA1

f5a561b5b44ab5435176cd263665d5cb00f423f7
SHA256

c7973bb3f903a9fab338224261dd3a9e487482f66cbf52d702f4a65019f2c8ae
SHA512

1dde9f80a9821a0d74eb33f6fe58c2a364f69ec2e74c590674427c8c1b1a0a84ae1199a490604148134db8c93b4829bd2a9994ae8b82a71e11bea94ed3b8fa31
SSDEEP

1536:ncp16jVImE5/TYr4IVeZQp5rGleAdI94btfnT+v:C16jVVsIVeKp5rGleAqItvS

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
936	2372	WerFault.exe	8

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 936	2372	6666b94269ffeebce20e986c5e9e33f0.exe	16
PID 2372 wrote to memory of 936	2372	6666b94269ffeebce20e986c5e9e33f0.exe	16
PID 2372 wrote to memory of 936	2372	6666b94269ffeebce20e986c5e9e33f0.exe	16
PID 2372 wrote to memory of 936	2372	6666b94269ffeebce20e986c5e9e33f0.exe	16

C:\Users\Admin\AppData\Local\Temp\6666b94269ffeebce20e986c5e9e33f0.exe
"C:\Users\Admin\AppData\Local\Temp\6666b94269ffeebce20e986c5e9e33f0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 88
  2⤵
  - Program crash
  PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads