d763b3d35b8320cf5fe4620e14bd720841c53c37f0b9035d7d7d5f35c1b3d841 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 01:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bd46402017901bbcf3dd9fe8da34d73e.exe
Size

153KB
MD5

bd46402017901bbcf3dd9fe8da34d73e
SHA1

d5f0ceba10395cb28f580fae65dbdefa9008360a
SHA256

d763b3d35b8320cf5fe4620e14bd720841c53c37f0b9035d7d7d5f35c1b3d841
SHA512

a8621dd0d34da6bbe8ec41db2419ccf1a6aa444dae33aecfd28cbfb995ec6ed027b851becfa475a33e2caf47d719f80071a8ddf447f2d7bea80848a7b5f75a09
SSDEEP

3072:d6YmFdEt2O0waKV/KwqA/J4YbVcgZfYHI:d6Ym8cOaK5r7h4sRZw

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1716	2196	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 1716	2196	bd46402017901bbcf3dd9fe8da34d73e.exe	28
PID 2196 wrote to memory of 1716	2196	bd46402017901bbcf3dd9fe8da34d73e.exe	28
PID 2196 wrote to memory of 1716	2196	bd46402017901bbcf3dd9fe8da34d73e.exe	28
PID 2196 wrote to memory of 1716	2196	bd46402017901bbcf3dd9fe8da34d73e.exe	28

C:\Users\Admin\AppData\Local\Temp\bd46402017901bbcf3dd9fe8da34d73e.exe
"C:\Users\Admin\AppData\Local\Temp\bd46402017901bbcf3dd9fe8da34d73e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 36
  2⤵
  - Program crash
  PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2196-0-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download