280c406869a339aa3e4e8aa54742af9ecb0de2cf0784907a17f8ba032a9ebf13 | Triage

Analysis

max time kernel
140s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 12:13

Sharing

Report Analysis Logs

General

Target

d6154725fbd3747d5684bcca2d4683e7.exe
Size

28KB
MD5

d6154725fbd3747d5684bcca2d4683e7
SHA1

3aca8fa54567084adc880ca19de6482ecb84b334
SHA256

280c406869a339aa3e4e8aa54742af9ecb0de2cf0784907a17f8ba032a9ebf13
SHA512

9acaec5a6cfdecb0a03920c7c908605e99d9c4dd5b1cd7bdbfe34c02fd81eed0c5bf7a5cd65f4c58a71d429aa88d218a9a517393e9d855df3c2ecde7a7ff2d6a
SSDEEP

768:7Exue5lZFoEb5eSpnqKtq/aZQneOE6oxb:0uMlZCALBt9g7E6oh

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2176	2600	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2176	2600	d6154725fbd3747d5684bcca2d4683e7.exe	28
PID 2600 wrote to memory of 2176	2600	d6154725fbd3747d5684bcca2d4683e7.exe	28
PID 2600 wrote to memory of 2176	2600	d6154725fbd3747d5684bcca2d4683e7.exe	28
PID 2600 wrote to memory of 2176	2600	d6154725fbd3747d5684bcca2d4683e7.exe	28

C:\Users\Admin\AppData\Local\Temp\d6154725fbd3747d5684bcca2d4683e7.exe
"C:\Users\Admin\AppData\Local\Temp\d6154725fbd3747d5684bcca2d4683e7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 36
  2⤵
  - Program crash
  PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2600-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download