14abc00e02cdb2b79ab7add0eacded507ce221f6be30983f39d35971b98b003f | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 11:03

Sharing

Report Analysis Logs

General

Target

84.exe
Size

1.2MB
MD5

76d4c89a924ca96a4db65a522147f75e
SHA1

1e004f69ef569a18658315c5afc08c8580ebda9c
SHA256

13820ab5054e6bd8631b6f04c151cd9199fa618b9e2b419d9a10ef9766d99058
SHA512

63db12832ccfe3bdc402a89e7e306ccead0f918eca43963214d638dea8261a9d52f0c2595db16d2874c989a390ee04db11477689255ec4d197f177a29774c68b
SSDEEP

24576:tlrDKi6JIK8luK3932JE9bMsYpZSD0GDxcCZ1oXM2VIisE:tlaKluK3932K6U+a1o7sE

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2216	2940	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2216	2940	84.exe	29
PID 2940 wrote to memory of 2216	2940	84.exe	29
PID 2940 wrote to memory of 2216	2940	84.exe	29
PID 2940 wrote to memory of 2216	2940	84.exe	29

C:\Users\Admin\AppData\Local\Temp\84.exe
"C:\Users\Admin\AppData\Local\Temp\84.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 52
  2⤵
  - Program crash
  PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2940-0-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2940-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download