cf2db4e305a4754cf4d9799d4681b0414b556f0fd83b5760e07c88fff637cb1f | Triage

Analysis

max time kernel
140s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 08:37

Sharing

Report Analysis Logs

General

Target

$TEMP/jah312913.exe
Size

31KB
MD5

f56df4dcfd49c789e0c83e160c1ce623
SHA1

e9e2deaa69224c12c089826bd52a18592625b4df
SHA256

25d7057b821465f5238226b3846b4b4e589e713265f7cf8dff40ba1c3560c0e1
SHA512

f76e7e1f3feb3b98f25eb12885b44b92a7dde66c929721d13518486b9a4564f1fcaeeaadb7cb97f4911711c252dd43383a2fc248a3a52a1c3c62ddd00cc85036
SSDEEP

768:JK/RBJA+urjvZq1HE4sH12q7LSaqCXqah6R8Ax63:JK/RBJAneE4M2qvjj5A

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1216	1680	WerFault.exe	22

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 1216	1680	jah312913.exe	28
PID 1680 wrote to memory of 1216	1680	jah312913.exe	28
PID 1680 wrote to memory of 1216	1680	jah312913.exe	28
PID 1680 wrote to memory of 1216	1680	jah312913.exe	28

C:\Users\Admin\AppData\Local\Temp\$TEMP\jah312913.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\jah312913.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 36
  2⤵
  - Program crash
  PID:1216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download