4dcf441a408d89c92bc0d9ac26d010e5eb2dee5cb40f6da9f3490919709f6172 | Triage

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 21:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

99fde299d7699dc64c4ea181786c7ffa.exe
Size

35KB
MD5

99fde299d7699dc64c4ea181786c7ffa
SHA1

537c01472d6117a80a9ddf04e6f51099369fffbf
SHA256

4dcf441a408d89c92bc0d9ac26d010e5eb2dee5cb40f6da9f3490919709f6172
SHA512

ab564e54091937a128a48dde268acd32c9989cd748846876618fd008f39907c5dabe0022de94b08c493bf93c620dfa4e393c1990dec4977d9083b23faba61f34
SSDEEP

768:+DE/zZ5kQInFqoFUl85seW6mKlpCawo1KGjxX9UI:DxoFUl85seWhKlQ5whxX9UI

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1668	2024	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1668	2024	99fde299d7699dc64c4ea181786c7ffa.exe	28
PID 2024 wrote to memory of 1668	2024	99fde299d7699dc64c4ea181786c7ffa.exe	28
PID 2024 wrote to memory of 1668	2024	99fde299d7699dc64c4ea181786c7ffa.exe	28
PID 2024 wrote to memory of 1668	2024	99fde299d7699dc64c4ea181786c7ffa.exe	28

C:\Users\Admin\AppData\Local\Temp\99fde299d7699dc64c4ea181786c7ffa.exe
"C:\Users\Admin\AppData\Local\Temp\99fde299d7699dc64c4ea181786c7ffa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 100
  2⤵
  - Program crash
  PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-0-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2024-1-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download