3478cb72674de4bbfbabd812e9383008bee123374ccdce446ceb8ed58a209b05 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 18:25

Sharing

Report Analysis Logs

General

Target

x_debloated.exe
Size

1.1MB
MD5

007ce165ab3ed52fd01260e28583630e
SHA1

e8940ff704d7545e2c4049cf556ebe6c4b13f07b
SHA256

3478cb72674de4bbfbabd812e9383008bee123374ccdce446ceb8ed58a209b05
SHA512

acd79dab95c89f6421626d07ffc291ad2f8fbcbef046cb9612820ea454c5f5d1b2f77713b69c07b3293c93fe53411eed2cd0d25a8da6bb97cc6d23a649f690bd
SSDEEP

24576:lIHCA1uqM1oatbwvRpIgPAW88D6zNVBs6:EuqM1oatUvR/gjBn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
2652	2204	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

x_debloated.exe

description	pid	Process	procid_target
PID 2204 wrote to memory of 2652	2204	x_debloated.exe	29
PID 2204 wrote to memory of 2652	2204	x_debloated.exe	29
PID 2204 wrote to memory of 2652	2204	x_debloated.exe	29
PID 2204 wrote to memory of 2652	2204	x_debloated.exe	29

C:\Users\Admin\AppData\Local\Temp\x_debloated.exe
"C:\Users\Admin\AppData\Local\Temp\x_debloated.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 52
  2⤵
  - Program crash
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2204-0-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2204-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download