6ef5c9aa9bcc1ae2c6fdaea39f1d5645c5e2c81438cf80377f2d3419eb391f6f | Triage

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 23:37

Sharing

Report Analysis Logs

General

Target

c1e5a862743ccb2bdde5573b7b182065.exe
Size

70KB
MD5

c1e5a862743ccb2bdde5573b7b182065
SHA1

beb437927622d0b40f80d1b2b5404fd8c0de945c
SHA256

6ef5c9aa9bcc1ae2c6fdaea39f1d5645c5e2c81438cf80377f2d3419eb391f6f
SHA512

47ef876fd82980e3f5e16ad119653ac921d12cead88e2dc0f64fe78d6cc92d702c48453ffebf19b4239d60b46390ea327c5d6eaa78925fd2497a2af3b0091fe2
SSDEEP

1536:yp+ZXcCvfA2p2nNWsZye5rym3DqjvJAm8rE:2+Zsufhp2UsZFrym3DSC7rE

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2856	2844	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2856	2844	c1e5a862743ccb2bdde5573b7b182065.exe	28
PID 2844 wrote to memory of 2856	2844	c1e5a862743ccb2bdde5573b7b182065.exe	28
PID 2844 wrote to memory of 2856	2844	c1e5a862743ccb2bdde5573b7b182065.exe	28
PID 2844 wrote to memory of 2856	2844	c1e5a862743ccb2bdde5573b7b182065.exe	28

C:\Users\Admin\AppData\Local\Temp\c1e5a862743ccb2bdde5573b7b182065.exe
"C:\Users\Admin\AppData\Local\Temp\c1e5a862743ccb2bdde5573b7b182065.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 88
  2⤵
  - Program crash
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2844-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download