8823ba606460d8e04daab629ec4e3727ff48ee8424c96afd217b05682d8b7096 | Triage

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:00

Sharing

Report Analysis Logs

General

Target

74eac85a9ca9cf204db13572ce2b66de.exe
Size

1.2MB
MD5

74eac85a9ca9cf204db13572ce2b66de
SHA1

9d4e1e07d86f25a73a23bbc08ce845e35e974a9f
SHA256

8823ba606460d8e04daab629ec4e3727ff48ee8424c96afd217b05682d8b7096
SHA512

e8e1d2b9e8a7dfa1f4f16620eb7ef37b8d13baa8bbfa971ebdde78fefb83f2b0c1e808a2e0661ce7367d96c93fc0ae26979e06b1fa9ff268fb3fb7196cf9714a
SSDEEP

24576:mr2ASCt7vJQ+RhKNOIU54SgWOnvgvIgxNITJnAE/rt:mJvA5UaWOnvyNItAEp

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2364 2128 WerFault.exe 74eac85a9ca9cf204db13572ce2b66de.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

74eac85a9ca9cf204db13572ce2b66de.exe

description	pid	process	target process
PID 2128 wrote to memory of 2364	2128	74eac85a9ca9cf204db13572ce2b66de.exe	WerFault.exe
PID 2128 wrote to memory of 2364	2128	74eac85a9ca9cf204db13572ce2b66de.exe	WerFault.exe
PID 2128 wrote to memory of 2364	2128	74eac85a9ca9cf204db13572ce2b66de.exe	WerFault.exe
PID 2128 wrote to memory of 2364	2128	74eac85a9ca9cf204db13572ce2b66de.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\74eac85a9ca9cf204db13572ce2b66de.exe
"C:\Users\Admin\AppData\Local\Temp\74eac85a9ca9cf204db13572ce2b66de.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 128
2⤵
- Program crash
PID:2364

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2128-0-0x0000000010000000-0x0000000010098000-memory.dmp

Filesize
608KB

Download