2cde0bb963e183d21347c2caaa235b41f4da3457746056fa7dc46a9f2962c6a5 | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:03

Sharing

Report Analysis Logs

General

Target

750ab0801973805e02ed57af432e121b.exe
Size

60KB
MD5

750ab0801973805e02ed57af432e121b
SHA1

6bb5827d2063c5c2261f1bebd225dc559edaf89b
SHA256

2cde0bb963e183d21347c2caaa235b41f4da3457746056fa7dc46a9f2962c6a5
SHA512

8aca52a1e434f1e80b19dfec44de5b9eaa6575b96e623483a8372488d07ab88aba29da9c85e2368ec6e64d2601378e9860062160d36927192856d127f78d011a
SSDEEP

1536:UAU15FUw+2MpVy0AhFXvEuPEtrLKtyfX9bH4:y33MpVmX5ILKtyFY

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2316 2264 WerFault.exe 750ab0801973805e02ed57af432e121b.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

750ab0801973805e02ed57af432e121b.exe

description	pid	process	target process
PID 2264 wrote to memory of 2316	2264	750ab0801973805e02ed57af432e121b.exe	WerFault.exe
PID 2264 wrote to memory of 2316	2264	750ab0801973805e02ed57af432e121b.exe	WerFault.exe
PID 2264 wrote to memory of 2316	2264	750ab0801973805e02ed57af432e121b.exe	WerFault.exe
PID 2264 wrote to memory of 2316	2264	750ab0801973805e02ed57af432e121b.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\750ab0801973805e02ed57af432e121b.exe
"C:\Users\Admin\AppData\Local\Temp\750ab0801973805e02ed57af432e121b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 92
2⤵
- Program crash
PID:2316

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...