58023aefde3f1ed70728cd09a390d69bf7dcee531efad0e3d2dbb7d6ea630e89 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 04:04

Sharing

Report Analysis Logs

General

Target

71669485e7e8f201687d655c9e999ab0.exe
Size

79KB
MD5

71669485e7e8f201687d655c9e999ab0
SHA1

84461a59a4775a5a72e61336d7e63d5edb6b752e
SHA256

58023aefde3f1ed70728cd09a390d69bf7dcee531efad0e3d2dbb7d6ea630e89
SHA512

67544a031dc2e98c7a4df59b0ed4ad7ede1b3be31a0192c2dc4796119b566b85c4aeec554fc1ceadd0b2ed7174c1b4e31b1ae223b98b6ea2f40ba4d4642dca48
SSDEEP

1536:2/UTjaekETWOkHtpQP3d1D3ieJuPVEIc7YPeZS:2IebHGfEP5c7c+

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2916	2080	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2916	2080	71669485e7e8f201687d655c9e999ab0.exe	28
PID 2080 wrote to memory of 2916	2080	71669485e7e8f201687d655c9e999ab0.exe	28
PID 2080 wrote to memory of 2916	2080	71669485e7e8f201687d655c9e999ab0.exe	28
PID 2080 wrote to memory of 2916	2080	71669485e7e8f201687d655c9e999ab0.exe	28

C:\Users\Admin\AppData\Local\Temp\71669485e7e8f201687d655c9e999ab0.exe
"C:\Users\Admin\AppData\Local\Temp\71669485e7e8f201687d655c9e999ab0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 144
  2⤵
  - Program crash
  PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2080-0-0x0000000000400000-0x0000000000439400-memory.dmp

Filesize
229KB

Download
memory/2080-1-0x0000000000400000-0x0000000000439400-memory.dmp

Filesize
229KB

Download