e851b2cfdec4abcb1b2e3b2a0f557d10c431fd5bf62bbcf42e3e0cd9ddda89d5 | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 11:27

Sharing

Report Analysis Logs

General

Target

$0/questbrwsearch.exe
Size

25KB
MD5

9a6d3bb12ba4687d6cb5ed5ca6d123a6
SHA1

33610da906247bb3036ce8316b774f6780fbc420
SHA256

8ab34d0bb4e0ca7e364888c40ff3134f8cc80974ddc4f962907ec5706b720b79
SHA512

3cc6eb0bb1c842778eb98f7fb4ed4cd461c0322158d8f6a0501433472415568906d12c010c3f22ef07a7dbb73b7a8990faa08083ea1c27ab51be5ec2b6ac3ca2
SSDEEP

768:VsQrRb1N6TYIFXTa9DqJujrQcnvRB4juaBalE:2QrRb1NTIFXTIDqJkQcv34jMlE

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1876	3048	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 1876	3048	questbrwsearch.exe	28
PID 3048 wrote to memory of 1876	3048	questbrwsearch.exe	28
PID 3048 wrote to memory of 1876	3048	questbrwsearch.exe	28
PID 3048 wrote to memory of 1876	3048	questbrwsearch.exe	28

C:\Users\Admin\AppData\Local\Temp\$0\questbrwsearch.exe
"C:\Users\Admin\AppData\Local\Temp\$0\questbrwsearch.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 48
  2⤵
  - Program crash
  PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads