e9aa9dbd30352a4080670dd9df68d20e57c5d30a0cdcb674e0b25b9ac45a2008 | Triage

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 11:13

Sharing

Report Analysis Logs

General

Target

748c8f9b84a30fc372d61c9f13dfc48e.exe
Size

35KB
MD5

748c8f9b84a30fc372d61c9f13dfc48e
SHA1

aa650183d3529c463d4c96c22d9bb76839b0ccd0
SHA256

e9aa9dbd30352a4080670dd9df68d20e57c5d30a0cdcb674e0b25b9ac45a2008
SHA512

8a02731926e1f4dd8ba16e3da8328360dc9f42f4c5caa849b1e27d2fa51cf53a48afcfcdf38688eee0b2c56ab7aab04ded58b55c42826a5a2f7284907b68530f
SSDEEP

768:uzCBn9hc6ig4MM5IhcGaYlafj2yraWbfDJo:dn3c9g4tr7Jo

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1896	2392	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 1896	2392	748c8f9b84a30fc372d61c9f13dfc48e.exe	28
PID 2392 wrote to memory of 1896	2392	748c8f9b84a30fc372d61c9f13dfc48e.exe	28
PID 2392 wrote to memory of 1896	2392	748c8f9b84a30fc372d61c9f13dfc48e.exe	28
PID 2392 wrote to memory of 1896	2392	748c8f9b84a30fc372d61c9f13dfc48e.exe	28

C:\Users\Admin\AppData\Local\Temp\748c8f9b84a30fc372d61c9f13dfc48e.exe
"C:\Users\Admin\AppData\Local\Temp\748c8f9b84a30fc372d61c9f13dfc48e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 148
  2⤵
  - Program crash
  PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2392-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2392-1-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download