0a704e3327538643b64481b19476d1e4bf99603aec36ee84c51d69d9ea9b445c | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 08:15

Sharing

Report Analysis Logs

General

Target

c82361317d5db3ea06461a1ecb15dc1a.exe
Size

104KB
MD5

c82361317d5db3ea06461a1ecb15dc1a
SHA1

8e71c83219b64d42ec9ab77408b315ae2e3c6026
SHA256

0a704e3327538643b64481b19476d1e4bf99603aec36ee84c51d69d9ea9b445c
SHA512

c115c169605b23fa2de2c755ef25e7c0689b910e808a2043a52b4c2f5cb4423422a5c779d316d5f28f01c127e7d034f3e45300d1639eb0736e140c0e60079113
SSDEEP

3072:Ai8xmH56W4n5iLneNMhFxv8cNumx/PyAr:cm0nmnhn8cNGE

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2160	2924	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2160	2924	c82361317d5db3ea06461a1ecb15dc1a.exe	28
PID 2924 wrote to memory of 2160	2924	c82361317d5db3ea06461a1ecb15dc1a.exe	28
PID 2924 wrote to memory of 2160	2924	c82361317d5db3ea06461a1ecb15dc1a.exe	28
PID 2924 wrote to memory of 2160	2924	c82361317d5db3ea06461a1ecb15dc1a.exe	28

C:\Users\Admin\AppData\Local\Temp\c82361317d5db3ea06461a1ecb15dc1a.exe
"C:\Users\Admin\AppData\Local\Temp\c82361317d5db3ea06461a1ecb15dc1a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 36
  2⤵
  - Program crash
  PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2924-0-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download