e137a11729ea0cb738ca805bef8363f6097eed3a664ffe357917cf7b1c0008ae | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 20:56

Sharing

Report Analysis Logs

General

Target

e014af5cfd66c9fba3b32409af132c45.exe
Size

123KB
MD5

e014af5cfd66c9fba3b32409af132c45
SHA1

fcfdfe4f5ff5f479eb5aaf9809c79615e31c3c80
SHA256

e137a11729ea0cb738ca805bef8363f6097eed3a664ffe357917cf7b1c0008ae
SHA512

739498db1bd19053146959ba7c12b05eb2b3d2456b5447d066fbecb7feffa5df5ae934321c7d1933c880d4be0245f84df57d9b49b4141689144d3059c19ee0cf
SSDEEP

3072:ooWe+SMOuXyHqTvtt6MkzZ2OF4vVO/zew8iL8:h+SMOf0t0RzZ2s4A/zd8iw

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2052	2292	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2052	2292	e014af5cfd66c9fba3b32409af132c45.exe	28
PID 2292 wrote to memory of 2052	2292	e014af5cfd66c9fba3b32409af132c45.exe	28
PID 2292 wrote to memory of 2052	2292	e014af5cfd66c9fba3b32409af132c45.exe	28
PID 2292 wrote to memory of 2052	2292	e014af5cfd66c9fba3b32409af132c45.exe	28

C:\Users\Admin\AppData\Local\Temp\e014af5cfd66c9fba3b32409af132c45.exe
"C:\Users\Admin\AppData\Local\Temp\e014af5cfd66c9fba3b32409af132c45.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 36
  2⤵
  - Program crash
  PID:2052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2292-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2292-1-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download