5a33e61b6625e2cac6ce1b3cfb05958cda95b7257d50e1d0108b83596392a5b6 | Triage

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2024 23:50

Sharing

Report Analysis Logs

General

Target

70e1682854e1b5771b91eb317df85bd8.exe
Size

204KB
MD5

70e1682854e1b5771b91eb317df85bd8
SHA1

cccf0c59a8071485f23a36488b9eb65b7d5e23de
SHA256

5a33e61b6625e2cac6ce1b3cfb05958cda95b7257d50e1d0108b83596392a5b6
SHA512

a9fedcaa034c78463933a0347a525618ed01114956c8779f90dac5dfeec2f84ea6a903f7b65cd62b942084d181bc510138824b9554f5eeffb1eb5d2ebe9072d4
SSDEEP

6144:9GaO0vYQoJfzRMgSf27kBPpVrixUG/NE:9GpQUzRMzNBPDrPGW

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4776 2684 WerFault.exe 70e1682854e1b5771b91eb317df85bd8.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

70e1682854e1b5771b91eb317df85bd8.exe

pid process

2684 70e1682854e1b5771b91eb317df85bd8.exe

C:\Users\Admin\AppData\Local\Temp\70e1682854e1b5771b91eb317df85bd8.exe
"C:\Users\Admin\AppData\Local\Temp\70e1682854e1b5771b91eb317df85bd8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 464
2⤵
- Program crash
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2684 -ip 2684
1⤵
PID:5032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2684-2-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2684-3-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download