e4326352ac1b5a3655ebd246924e68e8d4ed7d35c12207766aae9f8a9ac39ad7 | Triage

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18-03-2024 11:23

Sharing

Report Analysis Logs

General

Target

d36230ba42677c25f7a28508d3edefb6.exe
Size

541KB
MD5

d36230ba42677c25f7a28508d3edefb6
SHA1

67bc761615d73f9b0d13dba2030fefd39a0b0e1e
SHA256

e4326352ac1b5a3655ebd246924e68e8d4ed7d35c12207766aae9f8a9ac39ad7
SHA512

d747562352ca388dac6ca4e2e40d775a1dff1911d0c910ac581f9e07e74da6f6c70ae62218c73d6c51040e3b3b2a724aed043165354d46605d81d92c44264350
SSDEEP

12288:sibmLQvyveYyqBB2ObLrMpNng9sR6y3HqkgonXT:soGQvTYT324mFxAqg6XT

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2176	2088	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2176	2088	d36230ba42677c25f7a28508d3edefb6.exe	28
PID 2088 wrote to memory of 2176	2088	d36230ba42677c25f7a28508d3edefb6.exe	28
PID 2088 wrote to memory of 2176	2088	d36230ba42677c25f7a28508d3edefb6.exe	28
PID 2088 wrote to memory of 2176	2088	d36230ba42677c25f7a28508d3edefb6.exe	28

C:\Users\Admin\AppData\Local\Temp\d36230ba42677c25f7a28508d3edefb6.exe
"C:\Users\Admin\AppData\Local\Temp\d36230ba42677c25f7a28508d3edefb6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 192
  2⤵
  - Program crash
  PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2088-0-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2088-1-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/2088-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download