c5868ab95a7ce5970409f2e95a8137e71c9f8f73dd0d1ce5c49e8cc83ed31442 | Triage

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 11:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d35eb57ad1baf898cca00add27b3a081.exe
Size

10KB
MD5

d35eb57ad1baf898cca00add27b3a081
SHA1

a594c4181bd7236ee03c956869f910fa8d2c09d1
SHA256

c5868ab95a7ce5970409f2e95a8137e71c9f8f73dd0d1ce5c49e8cc83ed31442
SHA512

04343e6ac304b6cd8a009e052361f4ea50cf7a6fdddb39567beb25d12d60989ac84b0c9877509bcb77e34814f3b844763b7f8767091966418d341b7e742c793c
SSDEEP

192:+mUh71UJhtC3D3kMMK9qTuRIT4yY2A4YaHJKY6lp:8J+tCz3kSqTuRjYAopKYO

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2912	2856	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2912	2856	d35eb57ad1baf898cca00add27b3a081.exe	28
PID 2856 wrote to memory of 2912	2856	d35eb57ad1baf898cca00add27b3a081.exe	28
PID 2856 wrote to memory of 2912	2856	d35eb57ad1baf898cca00add27b3a081.exe	28
PID 2856 wrote to memory of 2912	2856	d35eb57ad1baf898cca00add27b3a081.exe	28

C:\Users\Admin\AppData\Local\Temp\d35eb57ad1baf898cca00add27b3a081.exe
"C:\Users\Admin\AppData\Local\Temp\d35eb57ad1baf898cca00add27b3a081.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 196
  2⤵
  - Program crash
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2856-0-0x0000000000400000-0x0000000000444200-memory.dmp

Filesize
272KB

Download
memory/2856-1-0x0000000000400000-0x0000000000444200-memory.dmp

Filesize
272KB

Download