a928b82a66ba4c6a234719cfb79499bf1b426cd0f67241968419c98a7591d896 | Triage

Analysis

max time kernel
142s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 15:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d672927d2ec1a3c35ef331be11e1b877.exe
Size

20KB
MD5

d672927d2ec1a3c35ef331be11e1b877
SHA1

aca7dac227c5ba0153fedb30adf7db48c357a15c
SHA256

a928b82a66ba4c6a234719cfb79499bf1b426cd0f67241968419c98a7591d896
SHA512

2b02e79788e34b8b4591eb64f5a60e49d775120693f977ad0c96919c87b78f8daea7dc360e72e5ba2769a8dc2c1b1b9f1d12b7637421df938401f8cf7476d395
SSDEEP

384:ho9vuxqrntsWFiN82dk2ZP2AzrYTYJLW1AbhLYF:+ExqyWF7kNL7bhLm

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3012	2484	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 3012	2484	d672927d2ec1a3c35ef331be11e1b877.exe	28
PID 2484 wrote to memory of 3012	2484	d672927d2ec1a3c35ef331be11e1b877.exe	28
PID 2484 wrote to memory of 3012	2484	d672927d2ec1a3c35ef331be11e1b877.exe	28
PID 2484 wrote to memory of 3012	2484	d672927d2ec1a3c35ef331be11e1b877.exe	28

C:\Users\Admin\AppData\Local\Temp\d672927d2ec1a3c35ef331be11e1b877.exe
"C:\Users\Admin\AppData\Local\Temp\d672927d2ec1a3c35ef331be11e1b877.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 88
  2⤵
  - Program crash
  PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2484-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download