c014fa001a1403808416f15bb3932b447ef955c50e975eb61c625d2939f45a73 | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 04:03

Sharing

Report Analysis Logs

General

Target

7c19420d4e8bb470d0b1e8172be110fc.exe
Size

115KB
MD5

7c19420d4e8bb470d0b1e8172be110fc
SHA1

baacd38938c1e314cf72077f2063db8bcafad6ae
SHA256

c014fa001a1403808416f15bb3932b447ef955c50e975eb61c625d2939f45a73
SHA512

7786ce84b65c354796bf28ef0f158d1598ea4219278b08e661aef701dd2af32f7eea48749f312323120c8dbfe72a2ecbce27105d64b0d643699f3e74a5938ccc
SSDEEP

3072:w7XcY5rP6TUr7JRJQQmjcTY+jmug9BKUrS:woM64r9RNmITYQ3gje

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2056	1700	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2056	1700	7c19420d4e8bb470d0b1e8172be110fc.exe	28
PID 1700 wrote to memory of 2056	1700	7c19420d4e8bb470d0b1e8172be110fc.exe	28
PID 1700 wrote to memory of 2056	1700	7c19420d4e8bb470d0b1e8172be110fc.exe	28
PID 1700 wrote to memory of 2056	1700	7c19420d4e8bb470d0b1e8172be110fc.exe	28

C:\Users\Admin\AppData\Local\Temp\7c19420d4e8bb470d0b1e8172be110fc.exe
"C:\Users\Admin\AppData\Local\Temp\7c19420d4e8bb470d0b1e8172be110fc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 36
  2⤵
  - Program crash
  PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download