082cd5209ef1fecf25b394561f07ee65d40379ad7b33f97bae8d16ddac11b873 | Triage

Analysis

max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 13:10

Sharing

Report Analysis Logs

General

Target

a3de66b09996c0853b39a65906f7c587.exe
Size

59KB
MD5

a3de66b09996c0853b39a65906f7c587
SHA1

c676492ef3c61715765556744619a5f7270eb900
SHA256

082cd5209ef1fecf25b394561f07ee65d40379ad7b33f97bae8d16ddac11b873
SHA512

1a1661058676841d87a971ee270053f59b23dab70ef15b8dcf4e3ed08d129160a9f56e62f3720f64b9de9995c85a42a0346433704ca48781e469cab8cd2c47be
SSDEEP

1536:8eOvwAG2gP4hqhaCPJSINmCg2gQ1thlism:8eOvw91hZJSARPht/ism

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
1624	2456	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 1624	2456	a3de66b09996c0853b39a65906f7c587.exe	1
PID 2456 wrote to memory of 1624	2456	a3de66b09996c0853b39a65906f7c587.exe	1
PID 2456 wrote to memory of 1624	2456	a3de66b09996c0853b39a65906f7c587.exe	1
PID 2456 wrote to memory of 1624	2456	a3de66b09996c0853b39a65906f7c587.exe	1

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 36
1⤵
- Program crash
PID:1624

C:\Users\Admin\AppData\Local\Temp\a3de66b09996c0853b39a65906f7c587.exe
"C:\Users\Admin\AppData\Local\Temp\a3de66b09996c0853b39a65906f7c587.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2456-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download