dfc5c99fb2180220639ee78ae9b8d475e2649bd7defe73f4f5f7ad4b6d7f6592 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 11:39

Sharing

Report Analysis Logs

General

Target

abcc3811b502d5a38aeca79541a362b6.exe
Size

31KB
MD5

abcc3811b502d5a38aeca79541a362b6
SHA1

ffa03eccb5f48693e3363e04ebf11fd11fdfefe4
SHA256

dfc5c99fb2180220639ee78ae9b8d475e2649bd7defe73f4f5f7ad4b6d7f6592
SHA512

f3db0a1aeb94c53ede78eef0c96125e0c4008824452716407d5edc93bb90e9b0ce5e1fa047ca30e7c30319aa13cf5b1c6db421a556e5d92772d3d16a06f5843c
SSDEEP

768:gdgOAv6Ytn8wqg3xwzjdzgQ19SR+zIXX+o:gM6YtnFxxkJd1kz

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2104	808	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 2104	808	abcc3811b502d5a38aeca79541a362b6.exe	28
PID 808 wrote to memory of 2104	808	abcc3811b502d5a38aeca79541a362b6.exe	28
PID 808 wrote to memory of 2104	808	abcc3811b502d5a38aeca79541a362b6.exe	28
PID 808 wrote to memory of 2104	808	abcc3811b502d5a38aeca79541a362b6.exe	28

C:\Users\Admin\AppData\Local\Temp\abcc3811b502d5a38aeca79541a362b6.exe
"C:\Users\Admin\AppData\Local\Temp\abcc3811b502d5a38aeca79541a362b6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 120
  2⤵
  - Program crash
  PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads