7aac12a1f8d2dcd7da42fecd31f9d49577c8b2fc2f8292d75536e660c70f4d3e | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 03:46

Sharing

Report Analysis Logs

General

Target

c25fb78d1e2bde9893967c94855b538e.exe
Size

108KB
MD5

c25fb78d1e2bde9893967c94855b538e
SHA1

f5f75d73a2959eb90317dbf4db26f7ae7b57c97e
SHA256

7aac12a1f8d2dcd7da42fecd31f9d49577c8b2fc2f8292d75536e660c70f4d3e
SHA512

a45c254ab5e35727aba5100259e5a11675ca01b2f9cd69e0687baf62918aa308d72d9ed65c8d794a2c4f0286910e432f059ffafb14f94fe5202d20c64d1b3dc7
SSDEEP

3072:Dnr4okYXwS9rbsTZzs4Ns6RjKAyxPUoU2:D11r2A4eYjK/Uo3

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2004	2156	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2004	2156	c25fb78d1e2bde9893967c94855b538e.exe	28
PID 2156 wrote to memory of 2004	2156	c25fb78d1e2bde9893967c94855b538e.exe	28
PID 2156 wrote to memory of 2004	2156	c25fb78d1e2bde9893967c94855b538e.exe	28
PID 2156 wrote to memory of 2004	2156	c25fb78d1e2bde9893967c94855b538e.exe	28

C:\Users\Admin\AppData\Local\Temp\c25fb78d1e2bde9893967c94855b538e.exe
"C:\Users\Admin\AppData\Local\Temp\c25fb78d1e2bde9893967c94855b538e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 88
  2⤵
  - Program crash
  PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2156-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2156-2-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download
memory/2156-1-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download