e1be844fd9f21af585fd34a80e2334ad6771a9eb8b81384fc7d1965d14b484f6 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 03:16

Sharing

Report Analysis Logs

General

Target

961ab4fffc8e9490782274afaa8e164b.exe
Size

80KB
MD5

961ab4fffc8e9490782274afaa8e164b
SHA1

a2e57b4febff0a20cd7395c5467ac3b3afa53ce6
SHA256

e1be844fd9f21af585fd34a80e2334ad6771a9eb8b81384fc7d1965d14b484f6
SHA512

f506408755a5dcb1e960794b0ac81c684219faea308f11a739ed35ea206ad9f42e888fe13fbc341232e30fed8707bdca62742d2a1dd6bb2543439307391a8a6d
SSDEEP

768:TBnklW+C68f5M2iNzZ63vxYMWZjVEBFB8K1vbHR8z:TAR76pYZn6np1v

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2168	3056	WerFault.exe	14

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2168	3056	961ab4fffc8e9490782274afaa8e164b.exe	29
PID 3056 wrote to memory of 2168	3056	961ab4fffc8e9490782274afaa8e164b.exe	29
PID 3056 wrote to memory of 2168	3056	961ab4fffc8e9490782274afaa8e164b.exe	29
PID 3056 wrote to memory of 2168	3056	961ab4fffc8e9490782274afaa8e164b.exe	29

C:\Users\Admin\AppData\Local\Temp\961ab4fffc8e9490782274afaa8e164b.exe
"C:\Users\Admin\AppData\Local\Temp\961ab4fffc8e9490782274afaa8e164b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 36
  2⤵
  - Program crash
  PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads