b6dc5b527fc59c04b20ef2e7d13e50ab116d28ac13fa650a0adb1f62676e0afb | Triage

Analysis

max time kernel
140s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 10:16

Sharing

Report Analysis Logs

General

Target

b4738597ea84bb324ce8ec935ace417b.exe
Size

2.8MB
MD5

b4738597ea84bb324ce8ec935ace417b
SHA1

d28ab1eb008085792f2df23defa2be5084e36f71
SHA256

b6dc5b527fc59c04b20ef2e7d13e50ab116d28ac13fa650a0adb1f62676e0afb
SHA512

550856d8569549f94587b1373c6c132d81901847a2207fe90fc1999a1c3c8c39905b829186779f49682c2dbf39af6117f9094c2df9757bbca6ff9b7fa5fff763
SSDEEP

768:sceD8ZH6WaQFNZKASV/sAcHdSqcaaUIkRDzZDz8eqZ:sZaH6WKVwSCRDpi

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2916	1072	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 2916	1072	b4738597ea84bb324ce8ec935ace417b.exe	28
PID 1072 wrote to memory of 2916	1072	b4738597ea84bb324ce8ec935ace417b.exe	28
PID 1072 wrote to memory of 2916	1072	b4738597ea84bb324ce8ec935ace417b.exe	28
PID 1072 wrote to memory of 2916	1072	b4738597ea84bb324ce8ec935ace417b.exe	28

C:\Users\Admin\AppData\Local\Temp\b4738597ea84bb324ce8ec935ace417b.exe
"C:\Users\Admin\AppData\Local\Temp\b4738597ea84bb324ce8ec935ace417b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 88
  2⤵
  - Program crash
  PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1072-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download