897fdb2440fe6945aca51334daa169146eda8ff92262253bd9899f24ffee1d5e | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 05:31

Sharing

Report Analysis Logs

General

Target

66d1b19a3a04aee5c125fd7f0ab50aee.exe
Size

55KB
MD5

66d1b19a3a04aee5c125fd7f0ab50aee
SHA1

4221af85c8624517f3c1d65f1f1625646a248958
SHA256

897fdb2440fe6945aca51334daa169146eda8ff92262253bd9899f24ffee1d5e
SHA512

d1e981e06092db016c50f262633e64d7be0a824bfcef3b53232c7aca76abe8909e6eaa06b51a5c72d84a3c5a57606d4fa54e139f48c935d4d2b7480bf212cdf0
SSDEEP

1536:wwC9+jsv6Mo1FGQJJ24jUlMpbiOzVRn+c:wH+QUGSLQuiiVR+c

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1524	2264	WerFault.exe	18

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 1524	2264	66d1b19a3a04aee5c125fd7f0ab50aee.exe	28
PID 2264 wrote to memory of 1524	2264	66d1b19a3a04aee5c125fd7f0ab50aee.exe	28
PID 2264 wrote to memory of 1524	2264	66d1b19a3a04aee5c125fd7f0ab50aee.exe	28
PID 2264 wrote to memory of 1524	2264	66d1b19a3a04aee5c125fd7f0ab50aee.exe	28

C:\Users\Admin\AppData\Local\Temp\66d1b19a3a04aee5c125fd7f0ab50aee.exe
"C:\Users\Admin\AppData\Local\Temp\66d1b19a3a04aee5c125fd7f0ab50aee.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 96
  2⤵
  - Program crash
  PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2264-0-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download