352578ba6598ce5f6b9be1bf9a2e0a2c9ea5f216617a93869684d05b57104f43 | Triage

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-02-2024 09:34

Sharing

Report Analysis Logs

General

Target

a37217c0d06c885075cd5a54615d6d8b.exe
Size

67KB
MD5

a37217c0d06c885075cd5a54615d6d8b
SHA1

a34012be08fef3011a4ee26f8e39bb676e56a86a
SHA256

352578ba6598ce5f6b9be1bf9a2e0a2c9ea5f216617a93869684d05b57104f43
SHA512

7d9f6fcb4ee9826fedd454cd80214e6d3f0bf354593fea1c4955ba63ae0eade62d34f9a2174ddda6fab2501d206ac6ae00e1db77f3bf4aecdce0448a77cd2116
SSDEEP

1536:REXuxXOfVgi1jVs6E0cvLeBfv3JC5hiMhf:Rl1Ot5pDE0cSB35wcC

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1648	1900	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 1648	1900	a37217c0d06c885075cd5a54615d6d8b.exe	26
PID 1900 wrote to memory of 1648	1900	a37217c0d06c885075cd5a54615d6d8b.exe	26
PID 1900 wrote to memory of 1648	1900	a37217c0d06c885075cd5a54615d6d8b.exe	26
PID 1900 wrote to memory of 1648	1900	a37217c0d06c885075cd5a54615d6d8b.exe	26

C:\Users\Admin\AppData\Local\Temp\a37217c0d06c885075cd5a54615d6d8b.exe
"C:\Users\Admin\AppData\Local\Temp\a37217c0d06c885075cd5a54615d6d8b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 148
  2⤵
  - Program crash
  PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1900-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1900-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1900-2-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download