e84c043b4cc2703b8454cb1c5215d69a80dd7946bd049c50f5f9aaae3efef732 | Triage

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 15:42

Sharing

Report Analysis Logs

General

Target

العنود.exe
Size

358KB
MD5

c78570e28d30ffef470f20d2d66362d5
SHA1

22bda1764316906402c8acccee2c6fd329b7689e
SHA256

1234966c7b51df3c087f85985d5c56b164a42b85afc8b1f99aa582d7589ef7b4
SHA512

1acc68aef7abf443a92e562b6e09fa9f504f93f35f3caa07e25a42dd91d4698a6a6e533ca12254173addc1604b49b5ab8a933751a19054150a376b23789d7000
SSDEEP

6144:Lj5KPoqWbAl8/f9XgnVW5GJZ2tNYLj8MfsxHi8msih0OSYkMRGL:3+xlqXwVzYKj86sxHtmsiSOSY5RGL

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2172	2188	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2172	2188	العنود.exe	28
PID 2188 wrote to memory of 2172	2188	العنود.exe	28
PID 2188 wrote to memory of 2172	2188	العنود.exe	28
PID 2188 wrote to memory of 2172	2188	العنود.exe	28

C:\Users\Admin\AppData\Local\Temp\العنود.exe
"C:\Users\Admin\AppData\Local\Temp\العنود.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 124
  2⤵
  - Program crash
  PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2188-0-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/2188-1-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download