2ae03d99afe5d68299dccbc6c2c58ed19565af76ffcbf5ffb8ec81093d1ed5bc | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-03-2024 16:19

Sharing

Report Analysis Logs

General

Target

e217f5cbc8b12134e9eb3d629c4423c4.exe
Size

19KB
MD5

e217f5cbc8b12134e9eb3d629c4423c4
SHA1

e947554bac4ca9fe1180ee1094b312690931ed92
SHA256

2ae03d99afe5d68299dccbc6c2c58ed19565af76ffcbf5ffb8ec81093d1ed5bc
SHA512

4b6ad059d3449ed583f8c4f7082105b64aa61054d2718a364f21774acf3ae8d950eca4df9771918b20fa22e56d2261a0a5fca85be03f954e223a0617caee912c
SSDEEP

192:KhSTxjIKwWw9HxLAJDRRzUISiW9hHCvBYgGS:Qkw9GJDbzUIo99CvBVGS

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2856	2648	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2648	e217f5cbc8b12134e9eb3d629c4423c4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2856	2648	e217f5cbc8b12134e9eb3d629c4423c4.exe	28
PID 2648 wrote to memory of 2856	2648	e217f5cbc8b12134e9eb3d629c4423c4.exe	28
PID 2648 wrote to memory of 2856	2648	e217f5cbc8b12134e9eb3d629c4423c4.exe	28
PID 2648 wrote to memory of 2856	2648	e217f5cbc8b12134e9eb3d629c4423c4.exe	28

C:\Users\Admin\AppData\Local\Temp\e217f5cbc8b12134e9eb3d629c4423c4.exe
"C:\Users\Admin\AppData\Local\Temp\e217f5cbc8b12134e9eb3d629c4423c4.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 120
  2⤵
  - Program crash
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download