2ec3335f7b95fc5b2ddeca60903e03edb39e486ccb2bc2ca3336d1245d80d5ec | Triage

Analysis

max time kernel
119s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 19:49

Sharing

Report Analysis Logs

General

Target

b586a8beb1bce376e50a748b0cfbb10f.exe
Size

55KB
MD5

b586a8beb1bce376e50a748b0cfbb10f
SHA1

a7cc95d9152b432f293f9b646e342ee04cf15bf8
SHA256

2ec3335f7b95fc5b2ddeca60903e03edb39e486ccb2bc2ca3336d1245d80d5ec
SHA512

fa7b12f4b7181a9f6e791d733c9ca8e17aa5b8d9eb2292c006f8ac69ed60faac3d19309ab89df3b4c186d5f6991986474c62913d2e37163333d4a1adbd30600f
SSDEEP

1536:mCJoLDkh/84DiTtd3MgpEAJwUXexP3616N:mCJo0y4WBREAJ/Xw36wN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2092	2908	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2092	2908	b586a8beb1bce376e50a748b0cfbb10f.exe	27
PID 2908 wrote to memory of 2092	2908	b586a8beb1bce376e50a748b0cfbb10f.exe	27
PID 2908 wrote to memory of 2092	2908	b586a8beb1bce376e50a748b0cfbb10f.exe	27
PID 2908 wrote to memory of 2092	2908	b586a8beb1bce376e50a748b0cfbb10f.exe	27

C:\Users\Admin\AppData\Local\Temp\b586a8beb1bce376e50a748b0cfbb10f.exe
"C:\Users\Admin\AppData\Local\Temp\b586a8beb1bce376e50a748b0cfbb10f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 88
  2⤵
  - Program crash
  PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2908-0-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download