74375fb2d74b7174b1444727d6bd1534918dce2deffdf037cfc3050c20679d83 | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 20:18

Sharing

Report Analysis Logs

General

Target

file.exe
Size

409KB
MD5

5e32f62d26b4476c6862785b9d6b5db3
SHA1

8fc02bcd0def2535b64690e5a5ad4932bc92a398
SHA256

74375fb2d74b7174b1444727d6bd1534918dce2deffdf037cfc3050c20679d83
SHA512

52a24032e70c00461694e271cd4bbacf0353a4a2c6a8fed15def4fe1fe4f9792dea10a3a4cc9f7c72a0e9e4280220d7ae362fce33703885a1d417979d75f395c
SSDEEP

6144:D0EpI60nbM8uPZy3+8KID4LunuX2Csvo0ZtPZ4mr99uXDgXyXHS:4E+60nbnuPL5X2NVrZhrz8HS

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1556	2860	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 1556	2860	file.exe	29
PID 2860 wrote to memory of 1556	2860	file.exe	29
PID 2860 wrote to memory of 1556	2860	file.exe	29
PID 2860 wrote to memory of 1556	2860	file.exe	29

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 36
  2⤵
  - Program crash
  PID:1556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2860-0-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download