3a8700fe3199c08b82e606a59e579123c9ebbefbe528ca2554f875131ee40ada | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 13:03

Sharing

Report Analysis Logs

General

Target

74c50b81a3c490a43e823bbefa2feb1c.exe
Size

437KB
MD5

74c50b81a3c490a43e823bbefa2feb1c
SHA1

ea56bc84cecc4a6dc3b5d4ed09a684bdca1c3699
SHA256

3a8700fe3199c08b82e606a59e579123c9ebbefbe528ca2554f875131ee40ada
SHA512

a2c1408ca2f7b89965175091d1dd9dd2e3bb237be607a867b71bfdbe835dd30826f26fa42c71efb895efaa7b1041f0f3ae4472d7230a944eb41f64f87c22bfa1
SSDEEP

12288:Z9Z8m5DuEy2f+73v3m0/HkWRpsslw9rVa:Z9Z8mPrm73n/nNlw9rVa

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1220	2040	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1220	2040	74c50b81a3c490a43e823bbefa2feb1c.exe	28
PID 2040 wrote to memory of 1220	2040	74c50b81a3c490a43e823bbefa2feb1c.exe	28
PID 2040 wrote to memory of 1220	2040	74c50b81a3c490a43e823bbefa2feb1c.exe	28
PID 2040 wrote to memory of 1220	2040	74c50b81a3c490a43e823bbefa2feb1c.exe	28

C:\Users\Admin\AppData\Local\Temp\74c50b81a3c490a43e823bbefa2feb1c.exe
"C:\Users\Admin\AppData\Local\Temp\74c50b81a3c490a43e823bbefa2feb1c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 116
  2⤵
  - Program crash
  PID:1220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-0-0x00000000009B0000-0x0000000000A21000-memory.dmp

Filesize
452KB

Download