929c7bcdef54a94eb455aade1d3ae087f821d47e660c83fccd3bc4bbb5488a87 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 23:44

Sharing

Report Analysis Logs

General

Target

c9ef2ac7f8d8676fa661b41c3dba90d8.exe
Size

146KB
MD5

c9ef2ac7f8d8676fa661b41c3dba90d8
SHA1

3c493593a68265417848a2492f36d82c6969e94e
SHA256

929c7bcdef54a94eb455aade1d3ae087f821d47e660c83fccd3bc4bbb5488a87
SHA512

cb96af440533ae8b204c1e92b299e8b05a1c10e5bafdab4035685dbd44c128e050baf3d15084149c34baf19c518bf8ac7e9f6a5fa978d4f24a5f5c5ba23c42cc
SSDEEP

3072:l2+QOi4fVxe+7V2InMneozd2ujMga5XAFbSYNWI:l2j/GXe+FMNwuIFZcWQWI

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2212	1204	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 2212	1204	c9ef2ac7f8d8676fa661b41c3dba90d8.exe	28
PID 1204 wrote to memory of 2212	1204	c9ef2ac7f8d8676fa661b41c3dba90d8.exe	28
PID 1204 wrote to memory of 2212	1204	c9ef2ac7f8d8676fa661b41c3dba90d8.exe	28
PID 1204 wrote to memory of 2212	1204	c9ef2ac7f8d8676fa661b41c3dba90d8.exe	28

C:\Users\Admin\AppData\Local\Temp\c9ef2ac7f8d8676fa661b41c3dba90d8.exe
"C:\Users\Admin\AppData\Local\Temp\c9ef2ac7f8d8676fa661b41c3dba90d8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 92
  2⤵
  - Program crash
  PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads