06acb55fed03e36457f0a2cc9a069548d2caf8aa728d731beb8dbcd68c671a8f | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 09:57

Sharing

Report Analysis Logs

General

Target

7f8b685b435f4e98b2afbc6062e7b984.exe
Size

169KB
MD5

7f8b685b435f4e98b2afbc6062e7b984
SHA1

1dd3e548a3fa837b893c83ff141e1b5c4a4345ad
SHA256

06acb55fed03e36457f0a2cc9a069548d2caf8aa728d731beb8dbcd68c671a8f
SHA512

2b52044b820ecfea900d01cbbdfb368daf55b65d714e0f6a7309cf74e25f5171f3a8e6c2cc34e5ec14721b51cd93b0dfb747473ff45a7fce6406691b78a4ce63
SSDEEP

3072:qE48KOFzOncvYoND90ztDol5cwVmt6Ywfzavvk14W:7KOFNoi5nVmhwfzaE1

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2224	2256	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2224	2256	7f8b685b435f4e98b2afbc6062e7b984.exe	28
PID 2256 wrote to memory of 2224	2256	7f8b685b435f4e98b2afbc6062e7b984.exe	28
PID 2256 wrote to memory of 2224	2256	7f8b685b435f4e98b2afbc6062e7b984.exe	28
PID 2256 wrote to memory of 2224	2256	7f8b685b435f4e98b2afbc6062e7b984.exe	28

C:\Users\Admin\AppData\Local\Temp\7f8b685b435f4e98b2afbc6062e7b984.exe
"C:\Users\Admin\AppData\Local\Temp\7f8b685b435f4e98b2afbc6062e7b984.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 100
  2⤵
  - Program crash
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2256-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download