1b317d9301e3bda1e3e2958a9c5417c11d90eddac995ac740f68e3941bc4bd05 | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 12:43

Sharing

Report Analysis Logs

General

Target

9bb3ff8cf7e0da723ee1f2a5894abab8.exe
Size

128KB
MD5

9bb3ff8cf7e0da723ee1f2a5894abab8
SHA1

0d41dfce09068e694339e0faffb134372a3494e3
SHA256

1b317d9301e3bda1e3e2958a9c5417c11d90eddac995ac740f68e3941bc4bd05
SHA512

f53d458541e05d74884b8c4ab1f3bfa57df167afdfef9ff8fef8541286875af5838e9aaadbf116f32a9bf14f55e8dca7a084a684a99104f5e9694d089fc8acd8
SSDEEP

3072:K/WG6yhEu1rP/HPurZjviqRpT7Qf7IAu7:KzhKIHHKTzR9Qf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1968	2052	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1968	2052	9bb3ff8cf7e0da723ee1f2a5894abab8.exe	28
PID 2052 wrote to memory of 1968	2052	9bb3ff8cf7e0da723ee1f2a5894abab8.exe	28
PID 2052 wrote to memory of 1968	2052	9bb3ff8cf7e0da723ee1f2a5894abab8.exe	28
PID 2052 wrote to memory of 1968	2052	9bb3ff8cf7e0da723ee1f2a5894abab8.exe	28

C:\Users\Admin\AppData\Local\Temp\9bb3ff8cf7e0da723ee1f2a5894abab8.exe
"C:\Users\Admin\AppData\Local\Temp\9bb3ff8cf7e0da723ee1f2a5894abab8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 56
  2⤵
  - Program crash
  PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2052-0-0x0000000000400000-0x00000000004237EC-memory.dmp

Filesize
141KB

Download