9cef9b7534589526fe5500c06b9d1391757b5f3b0d9c0fa0ba0748e23002a937 | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 09:00

Sharing

Report Analysis Logs

General

Target

76efeb694a4781b75e65c6900e34084d.exe
Size

42KB
MD5

76efeb694a4781b75e65c6900e34084d
SHA1

88ced53dc25a4b5e92f6942f9b67f70061e4f8cb
SHA256

9cef9b7534589526fe5500c06b9d1391757b5f3b0d9c0fa0ba0748e23002a937
SHA512

17c1bf6dcdd4dc77f0dc1a3eaa1a8e2bd8750ec55474e0c663012d261fe5cffba7829bc1ffe8638d8924282753eca2ddd515fd16bd378e0af598279d99ceae85
SSDEEP

768:m3w3UNTmG7vbrl6i3mE6x3rbiZiyCM+CVkp1/3k:mgkNTJbESRyidv+Cab/3k

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2016	3052	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2016	3052	76efeb694a4781b75e65c6900e34084d.exe	28
PID 3052 wrote to memory of 2016	3052	76efeb694a4781b75e65c6900e34084d.exe	28
PID 3052 wrote to memory of 2016	3052	76efeb694a4781b75e65c6900e34084d.exe	28
PID 3052 wrote to memory of 2016	3052	76efeb694a4781b75e65c6900e34084d.exe	28

C:\Users\Admin\AppData\Local\Temp\76efeb694a4781b75e65c6900e34084d.exe
"C:\Users\Admin\AppData\Local\Temp\76efeb694a4781b75e65c6900e34084d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 88
  2⤵
  - Program crash
  PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads