90c735733f437dce108c63e77e142e650799bf24e47a4394e35d58a3942fe591 | Triage

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 09:13

Sharing

Report Analysis Logs

General

Target

79d8daa8111ee7e88dce9d6b75bc4762.exe
Size

521KB
MD5

79d8daa8111ee7e88dce9d6b75bc4762
SHA1

f4cb7d1973fec2c39369fa0caff6aaffb686273f
SHA256

90c735733f437dce108c63e77e142e650799bf24e47a4394e35d58a3942fe591
SHA512

fe2477a243de18793ade1e8ac5ca71739c34ab6d01e5938244c7103311db079a16dbaef81990c3c6f147c30d93eb020115e5ec800877728e64ef1e3d443ee175
SSDEEP

12288:ArMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUxLV50:6ZyCA8CBmn+RrNj9ay5+i

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1648	2420	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1648	2420	79d8daa8111ee7e88dce9d6b75bc4762.exe	28
PID 2420 wrote to memory of 1648	2420	79d8daa8111ee7e88dce9d6b75bc4762.exe	28
PID 2420 wrote to memory of 1648	2420	79d8daa8111ee7e88dce9d6b75bc4762.exe	28
PID 2420 wrote to memory of 1648	2420	79d8daa8111ee7e88dce9d6b75bc4762.exe	28

C:\Users\Admin\AppData\Local\Temp\79d8daa8111ee7e88dce9d6b75bc4762.exe
"C:\Users\Admin\AppData\Local\Temp\79d8daa8111ee7e88dce9d6b75bc4762.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 164
  2⤵
  - Program crash
  PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2420-0-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download