0f52c63aefce1b11ee237636ae8dfa9b63775d5d495a358ef697b572eb0be44b | Triage

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-02-2024 22:50

Sharing

Report Analysis Logs

General

Target

aa5bd87f6db99278ae8d7e561fb31810.exe
Size

55KB
MD5

aa5bd87f6db99278ae8d7e561fb31810
SHA1

f195eed3915c9beaeb25ee6997daf50b6cc97565
SHA256

0f52c63aefce1b11ee237636ae8dfa9b63775d5d495a358ef697b572eb0be44b
SHA512

ff6316e93686bfde8cbf94495708f93af25996b4604b6fd4634f27d632f526ba293ad755179766ecb5f97a2a9cffced7c6a8fdf80ed6f85bc06ccf2e251e1a51
SSDEEP

1536:SArUv5tKzNhaIlxf2SuMklatQMhR1ouovmLB:SCNdxf2SHttD2FuL

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2664	1996	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2664	1996	aa5bd87f6db99278ae8d7e561fb31810.exe	28
PID 1996 wrote to memory of 2664	1996	aa5bd87f6db99278ae8d7e561fb31810.exe	28
PID 1996 wrote to memory of 2664	1996	aa5bd87f6db99278ae8d7e561fb31810.exe	28
PID 1996 wrote to memory of 2664	1996	aa5bd87f6db99278ae8d7e561fb31810.exe	28

C:\Users\Admin\AppData\Local\Temp\aa5bd87f6db99278ae8d7e561fb31810.exe
"C:\Users\Admin\AppData\Local\Temp\aa5bd87f6db99278ae8d7e561fb31810.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 36
  2⤵
  - Program crash
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-2-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1996-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1996-1-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1996-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download