7dfc3f2c87919dbc9afdf055e64cd955365f031cd2a3e57da59791b77247246c | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 07:47

Sharing

Report Analysis Logs

General

Target

d594f97cb185a899f375a02ebdbc6df7.exe
Size

126KB
MD5

d594f97cb185a899f375a02ebdbc6df7
SHA1

d0e82c691d720afa2dd1c7a6e4a6e4f02f35329e
SHA256

7dfc3f2c87919dbc9afdf055e64cd955365f031cd2a3e57da59791b77247246c
SHA512

6492a5ea12157f7d7636c5a2fcd02d79c7bfb3b61e4a71610e0f331aa958a6fd973b4bfed1c13ce35db80efee481b0451b798b43e62ba03ff06a7b3fe7ae82dd
SSDEEP

3072:A9lfmSj28Yh5t03EV8YlnsXttWWmjcFkFtW72HvSt:A9lvyhVqvui2at

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2336	2752	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2336	2752	d594f97cb185a899f375a02ebdbc6df7.exe	28
PID 2752 wrote to memory of 2336	2752	d594f97cb185a899f375a02ebdbc6df7.exe	28
PID 2752 wrote to memory of 2336	2752	d594f97cb185a899f375a02ebdbc6df7.exe	28
PID 2752 wrote to memory of 2336	2752	d594f97cb185a899f375a02ebdbc6df7.exe	28

C:\Users\Admin\AppData\Local\Temp\d594f97cb185a899f375a02ebdbc6df7.exe
"C:\Users\Admin\AppData\Local\Temp\d594f97cb185a899f375a02ebdbc6df7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 36
  2⤵
  - Program crash
  PID:2336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2752-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download