b4920cb9a80d97c768258f9dd5c1fda0510333f9da3a7540e34492baaa871fdc | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/01/2024, 15:33

Sharing

Report Analysis Logs

General

Target

6fcb39c821112c6c8f096a25fda4b6c5.exe
Size

364KB
MD5

6fcb39c821112c6c8f096a25fda4b6c5
SHA1

623a2a9ded5b9624d64dbc18a9f3cf4a5f672938
SHA256

b4920cb9a80d97c768258f9dd5c1fda0510333f9da3a7540e34492baaa871fdc
SHA512

8cae76742b694feb26b10f96a76c80468c6559eb9ce388c153596631ce0ae88b52f173a57f3a98a3c8db1baed3db574c38f665d7b7c2cf455e6ab35e11369895
SSDEEP

3072:pJgsRv3TByZqoBKzKbyLDTBFUb1nGBK6w:TgG3sG2cQ1GBB

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2668	2180	WerFault.exe	15

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2668	2180	6fcb39c821112c6c8f096a25fda4b6c5.exe	16
PID 2180 wrote to memory of 2668	2180	6fcb39c821112c6c8f096a25fda4b6c5.exe	16
PID 2180 wrote to memory of 2668	2180	6fcb39c821112c6c8f096a25fda4b6c5.exe	16
PID 2180 wrote to memory of 2668	2180	6fcb39c821112c6c8f096a25fda4b6c5.exe	16

C:\Users\Admin\AppData\Local\Temp\6fcb39c821112c6c8f096a25fda4b6c5.exe
"C:\Users\Admin\AppData\Local\Temp\6fcb39c821112c6c8f096a25fda4b6c5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 140
  2⤵
  - Program crash
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2180-0-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download