ae579e82c9a9c9410bb61deb4bac8768f9fd7063d17bc4e709bb076dd43892dc | Triage

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 00:29

Sharing

Report Analysis Logs

General

Target

cca463ea737a8825ce84f785468cc461.exe
Size

65KB
MD5

cca463ea737a8825ce84f785468cc461
SHA1

7613ccf628eded131889638ea82c0642fcf442c0
SHA256

ae579e82c9a9c9410bb61deb4bac8768f9fd7063d17bc4e709bb076dd43892dc
SHA512

e9f831bf7cecfdce2ada008f58a4a3372f54d0baac6086326029e7320b28121c57d10a69e82ed989cca5d7c653e442e59833521ffc7d052a3897768c51f4dfbf
SSDEEP

1536:0uj8nj8gjE+miWOSkOTcQHSwBj8r6j8n03BT:IYr+xWOSkA9yw2rrn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2320	2700	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2320	2700	cca463ea737a8825ce84f785468cc461.exe	28
PID 2700 wrote to memory of 2320	2700	cca463ea737a8825ce84f785468cc461.exe	28
PID 2700 wrote to memory of 2320	2700	cca463ea737a8825ce84f785468cc461.exe	28
PID 2700 wrote to memory of 2320	2700	cca463ea737a8825ce84f785468cc461.exe	28

C:\Users\Admin\AppData\Local\Temp\cca463ea737a8825ce84f785468cc461.exe
"C:\Users\Admin\AppData\Local\Temp\cca463ea737a8825ce84f785468cc461.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 108
  2⤵
  - Program crash
  PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2700-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download