15b400fce3b4549e8151b7b6a0464c6d617f50addcc6ef3589647f7cf7c557c6 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 13:41

Sharing

Report Analysis Logs

General

Target

bb67fe12db02d9dc397e92c576d704cf.exe
Size

290KB
MD5

bb67fe12db02d9dc397e92c576d704cf
SHA1

6018f2551d280c499b856f692736425dac33f16f
SHA256

15b400fce3b4549e8151b7b6a0464c6d617f50addcc6ef3589647f7cf7c557c6
SHA512

0036e17c22975e624d950183637172dff940dc67ab0ce37fc397ed408c92540d2f335ddb361e5b6c38b2901601a59016c45035ff8b05fce94b85e6ba93a79374
SSDEEP

6144:pjLkfX6GliQ+PuFW0cqdSxbsXeQS9neXF5:pWKG0PhCdSxbss9neF5

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3052	2848	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 3052	2848	bb67fe12db02d9dc397e92c576d704cf.exe	28
PID 2848 wrote to memory of 3052	2848	bb67fe12db02d9dc397e92c576d704cf.exe	28
PID 2848 wrote to memory of 3052	2848	bb67fe12db02d9dc397e92c576d704cf.exe	28
PID 2848 wrote to memory of 3052	2848	bb67fe12db02d9dc397e92c576d704cf.exe	28

C:\Users\Admin\AppData\Local\Temp\bb67fe12db02d9dc397e92c576d704cf.exe
"C:\Users\Admin\AppData\Local\Temp\bb67fe12db02d9dc397e92c576d704cf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 436
  2⤵
  - Program crash
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads