f01823d6655db471e4bb168c6a7089f2e115fc7227cedc3d315682d9ec369fa8 | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 10:34

Sharing

Report Analysis Logs

General

Target

c867e97d8075eb63ef7b76030d7d4e79.exe
Size

79KB
MD5

c867e97d8075eb63ef7b76030d7d4e79
SHA1

1b93084244a451e04ab3ae4bcebca8e7f7e551c1
SHA256

f01823d6655db471e4bb168c6a7089f2e115fc7227cedc3d315682d9ec369fa8
SHA512

f60c1837f22392a54ad0fba703d547794d4542812143bc70b2cc9d559141fb0ee568809b87900d686a81f8ad03a61f05626265f1f3b593cbf738d8a488b9f718
SSDEEP

48:WNJMRTojhQdQV0EcXehM3+2APB0mehM3+2APBN5:BRcwQVdcNu2xOu2O5

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1732	2820	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 1732	2820	c867e97d8075eb63ef7b76030d7d4e79.exe	28
PID 2820 wrote to memory of 1732	2820	c867e97d8075eb63ef7b76030d7d4e79.exe	28
PID 2820 wrote to memory of 1732	2820	c867e97d8075eb63ef7b76030d7d4e79.exe	28
PID 2820 wrote to memory of 1732	2820	c867e97d8075eb63ef7b76030d7d4e79.exe	28

C:\Users\Admin\AppData\Local\Temp\c867e97d8075eb63ef7b76030d7d4e79.exe
"C:\Users\Admin\AppData\Local\Temp\c867e97d8075eb63ef7b76030d7d4e79.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 116
  2⤵
  - Program crash
  PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads