1750c8c131a8c9412ac9145421a4795f6faa4ba2f6402d09a223a93baecb64b8 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 17:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8776cb7a9cbfff8ec2f41c82bb126eb5.exe
Size

30KB
MD5

8776cb7a9cbfff8ec2f41c82bb126eb5
SHA1

f5071a925b220a0788b10b4ae0cac34f9887b296
SHA256

1750c8c131a8c9412ac9145421a4795f6faa4ba2f6402d09a223a93baecb64b8
SHA512

d1a5131f1e66a576711ea5f77634c1a1871987f44af8f363c49ca26a097d52b6357024d2f4d13bb5571caa0c59c9ee9a523a7456d6751598aa27a09bb1e8d598
SSDEEP

768:JW1lUzxXbnNYMvktDf58Cyzb2jygJ2x0GSEf:MQzx7NfkF5k2jygsG9Ef

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2912	3004	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2912	3004	8776cb7a9cbfff8ec2f41c82bb126eb5.exe	28
PID 3004 wrote to memory of 2912	3004	8776cb7a9cbfff8ec2f41c82bb126eb5.exe	28
PID 3004 wrote to memory of 2912	3004	8776cb7a9cbfff8ec2f41c82bb126eb5.exe	28
PID 3004 wrote to memory of 2912	3004	8776cb7a9cbfff8ec2f41c82bb126eb5.exe	28

C:\Users\Admin\AppData\Local\Temp\8776cb7a9cbfff8ec2f41c82bb126eb5.exe
"C:\Users\Admin\AppData\Local\Temp\8776cb7a9cbfff8ec2f41c82bb126eb5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 88
  2⤵
  - Program crash
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3004-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download