00f5b70211c1fccbc69431756e56ba16503ff7ff11a971cf4b4453630975b5a1 | Triage

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 00:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7e69092615899a18ef61b65d7c9920a5.exe
Size

129KB
MD5

7e69092615899a18ef61b65d7c9920a5
SHA1

96b9c908da7582fb0b9026082785b13bbc0b8bbc
SHA256

00f5b70211c1fccbc69431756e56ba16503ff7ff11a971cf4b4453630975b5a1
SHA512

64154fee0855317c81f80c0cee8d043f95b83519226e58bb652895d608929ab68cc892ce275361067fa78b8da3ceac1717166e7644897f493d35ba81c815f877
SSDEEP

3072:FwAChnxQAeeqdTjB+vp1ixmnxHeS7tmE1Oj6m9ZL:FGnxiPVjY/iUnkWtmhRL

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1372	320	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 320 wrote to memory of 1372	320	7e69092615899a18ef61b65d7c9920a5.exe	16
PID 320 wrote to memory of 1372	320	7e69092615899a18ef61b65d7c9920a5.exe	16
PID 320 wrote to memory of 1372	320	7e69092615899a18ef61b65d7c9920a5.exe	16
PID 320 wrote to memory of 1372	320	7e69092615899a18ef61b65d7c9920a5.exe	16

C:\Users\Admin\AppData\Local\Temp\7e69092615899a18ef61b65d7c9920a5.exe
"C:\Users\Admin\AppData\Local\Temp\7e69092615899a18ef61b65d7c9920a5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:320
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 36
  2⤵
  - Program crash
  PID:1372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/320-0-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download