40c087383b0ec5695e158dee70ec4e654a359dd133e0e084e6ccddb83427adc5 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 12:12

Sharing

Report Analysis Logs

General

Target

97200d70c9d3fbcec679d33fcc3733f1.exe
Size

31KB
MD5

97200d70c9d3fbcec679d33fcc3733f1
SHA1

939d09ea704adafd453498a9c6aec26861361d7a
SHA256

40c087383b0ec5695e158dee70ec4e654a359dd133e0e084e6ccddb83427adc5
SHA512

4f744a8cf3691db0749a0e41bb01a5222fffb05ebad0e18744bd2242f66dcf471b9f95b1f3fd9044fa1a6d04b4e2d67b2c5f5f5e00a8d692bee49845adb179cc
SSDEEP

768:Z+h7TzTBziifTeiZSVWihwEknh0L7OTLeNfQf9:kZ/nEkh8OTKNk

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2104	1720	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2104	1720	97200d70c9d3fbcec679d33fcc3733f1.exe	28
PID 1720 wrote to memory of 2104	1720	97200d70c9d3fbcec679d33fcc3733f1.exe	28
PID 1720 wrote to memory of 2104	1720	97200d70c9d3fbcec679d33fcc3733f1.exe	28
PID 1720 wrote to memory of 2104	1720	97200d70c9d3fbcec679d33fcc3733f1.exe	28

C:\Users\Admin\AppData\Local\Temp\97200d70c9d3fbcec679d33fcc3733f1.exe
"C:\Users\Admin\AppData\Local\Temp\97200d70c9d3fbcec679d33fcc3733f1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 36
  2⤵
  - Program crash
  PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1720-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download