bb86d13310be1541390fd602a9347662cdb4b501559053c37139ad0abbea7520 | Triage

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 02:51

Sharing

Report Analysis Logs

General

Target

cceb9d54a386ce355f26b273bdd746ef.exe
Size

34KB
MD5

cceb9d54a386ce355f26b273bdd746ef
SHA1

c4344947d7be0490319d410d0fe729d4e30895de
SHA256

bb86d13310be1541390fd602a9347662cdb4b501559053c37139ad0abbea7520
SHA512

ae7859723d947bf46b78dfebd2b874af42fb7504aae5bc8687360d54e348fd247038c0806c8483efa8e853b3e836d173d69f23facd6fd9f8d2d52c8b6348c1ec
SSDEEP

768:RzpfiUAxoXmJrWDJWByILaxkYpWrRbX2ThxB:ffEe2kFWgIGdpWrEd

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2388	2208	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2388	2208	cceb9d54a386ce355f26b273bdd746ef.exe	28
PID 2208 wrote to memory of 2388	2208	cceb9d54a386ce355f26b273bdd746ef.exe	28
PID 2208 wrote to memory of 2388	2208	cceb9d54a386ce355f26b273bdd746ef.exe	28
PID 2208 wrote to memory of 2388	2208	cceb9d54a386ce355f26b273bdd746ef.exe	28

C:\Users\Admin\AppData\Local\Temp\cceb9d54a386ce355f26b273bdd746ef.exe
"C:\Users\Admin\AppData\Local\Temp\cceb9d54a386ce355f26b273bdd746ef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 160
  2⤵
  - Program crash
  PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-1-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2208-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2208-2-0x0000000000220000-0x0000000000250000-memory.dmp

Filesize
192KB

Download
memory/2208-3-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download