231ca5bc758311309e148cf3f963073ce4c10c2ad100265129617acd3e71c923 | Triage

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 06:52

Sharing

Report Analysis Logs

General

Target

66f905018d657e504791fafb863df3e2.exe
Size

27KB
MD5

66f905018d657e504791fafb863df3e2
SHA1

927996db53937b7892b9f24c939b9448ef469770
SHA256

231ca5bc758311309e148cf3f963073ce4c10c2ad100265129617acd3e71c923
SHA512

4e2f6e6b639217acbf59f65f4761a5777cd48bb903ff0d34e40c4a2d8e53de8fbfcedfdb8ac632424b75fddd9db251590a5cbe2b88d9fb0376d9cb588bc75c11
SSDEEP

768:yslRVQVECj2TltVR9du16K8v1BciLNwlcxF:ysHCdjAtRdi+v7WuxF

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2896	1088	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2896	1088	66f905018d657e504791fafb863df3e2.exe	28
PID 1088 wrote to memory of 2896	1088	66f905018d657e504791fafb863df3e2.exe	28
PID 1088 wrote to memory of 2896	1088	66f905018d657e504791fafb863df3e2.exe	28
PID 1088 wrote to memory of 2896	1088	66f905018d657e504791fafb863df3e2.exe	28

C:\Users\Admin\AppData\Local\Temp\66f905018d657e504791fafb863df3e2.exe
"C:\Users\Admin\AppData\Local\Temp\66f905018d657e504791fafb863df3e2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 36
  2⤵
  - Program crash
  PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1088-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download