dc9711f0ba291c0aef495f9dfab6707108a49968c8ef33a826c55e231aeb03ee | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 13:55

Sharing

Report Analysis Logs

General

Target

ce38101a3995438a891466d6a0fb9df7.exe
Size

72KB
MD5

ce38101a3995438a891466d6a0fb9df7
SHA1

37d2fca6758de8c587b30c1c8c50b980adf36d67
SHA256

dc9711f0ba291c0aef495f9dfab6707108a49968c8ef33a826c55e231aeb03ee
SHA512

847bc8d7b021a372c45e16f50bed4086bfc2f9a03c30966e0deb263bb4835afdf03c0076308d1ff18b929fb96ea86eaaf1526ab55886e570acbc8f4afa892713
SSDEEP

1536:XTD1L+BLRY0hPrJFhqOiX+c3lOxPAlP6:jD1ynY0hTJFAbXjVOKF6

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2336 1244 WerFault.exe ce38101a3995438a891466d6a0fb9df7.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ce38101a3995438a891466d6a0fb9df7.exe

description	pid	process	target process
PID 1244 wrote to memory of 2336	1244	ce38101a3995438a891466d6a0fb9df7.exe	WerFault.exe
PID 1244 wrote to memory of 2336	1244	ce38101a3995438a891466d6a0fb9df7.exe	WerFault.exe
PID 1244 wrote to memory of 2336	1244	ce38101a3995438a891466d6a0fb9df7.exe	WerFault.exe
PID 1244 wrote to memory of 2336	1244	ce38101a3995438a891466d6a0fb9df7.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ce38101a3995438a891466d6a0fb9df7.exe
"C:\Users\Admin\AppData\Local\Temp\ce38101a3995438a891466d6a0fb9df7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 92
2⤵
- Program crash
PID:2336

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...