e3d292ce4f5bfec8b177e52504dd03046795938a91b4c00560367e13016e3301 | Triage

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2024 21:25

Sharing

Report Analysis Logs

General

Target

70993af369c1515d57582eca676ba213.exe
Size

407KB
MD5

70993af369c1515d57582eca676ba213
SHA1

6f6b9251bcda2f73733dc969af7f0821617e59a7
SHA256

e3d292ce4f5bfec8b177e52504dd03046795938a91b4c00560367e13016e3301
SHA512

f824042315362b2c8bfff66e8a3e89e53d1acfd2dd2bd1deb618522a8ddd433df0a0adb7d1ea38bdf0df4a38f3d9085aad438c4a5e2eeb30cab0cf3af2648ed3
SSDEEP

6144:rMDmO6XsxLeAEKT8OmGW3TS7moyepYbkA/B5Z+zd:rMUm7qEgkKTZ+R

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4916 3168 WerFault.exe 70993af369c1515d57582eca676ba213.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

70993af369c1515d57582eca676ba213.exe

description	pid	process	target process
PID 3168 wrote to memory of 2128	3168	70993af369c1515d57582eca676ba213.exe	70993af369c1515d57582eca676ba213.exe
PID 3168 wrote to memory of 2128	3168	70993af369c1515d57582eca676ba213.exe	70993af369c1515d57582eca676ba213.exe
PID 3168 wrote to memory of 2128	3168	70993af369c1515d57582eca676ba213.exe	70993af369c1515d57582eca676ba213.exe

C:\Users\Admin\AppData\Local\Temp\70993af369c1515d57582eca676ba213.exe
"C:\Users\Admin\AppData\Local\Temp\70993af369c1515d57582eca676ba213.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3168

C:\Users\Admin\AppData\Local\Temp\70993af369c1515d57582eca676ba213.exe
"C:\Users\Admin\AppData\Local\Temp\70993af369c1515d57582eca676ba213.exe"
2⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 420
2⤵
- Program crash
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3168 -ip 3168
1⤵
PID:3832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3168-1-0x00000000004D0000-0x00000000004D2000-memory.dmp

Filesize
8KB

Download
memory/3168-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download