9b213c9bac7b804d065dc1e4ce1d30e14da812d9810c33544f9d252147c4846f | Triage

Analysis

max time kernel
9s
max time network
1s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 13:12

Sharing

Report Analysis Logs

General

Target

Open32.exe
Size

252KB
MD5

a4939552fd49c815275f8471aa690e24
SHA1

b25e32b28841d3a313df3214d808630de52171c0
SHA256

9b213c9bac7b804d065dc1e4ce1d30e14da812d9810c33544f9d252147c4846f
SHA512

ab7aad4c27751b4e9ba91bd8a2c11f6ab11ad2eec63d66d0f174c58713380f0ee267a65e495eecc736e1aae258ffa039e4e7728560bd49b91a9eb4a8cf2d577d
SSDEEP

6144:euGQdkTUGJXOjv5o1SDQkdvuP84zyU/49eK/yB4ar:XGSkTUGRODekpz4zq9eK/yB4ar

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2120	2164	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2120	2164	Open32.exe	28
PID 2164 wrote to memory of 2120	2164	Open32.exe	28
PID 2164 wrote to memory of 2120	2164	Open32.exe	28
PID 2164 wrote to memory of 2120	2164	Open32.exe	28

C:\Users\Admin\AppData\Local\Temp\Open32.exe
"C:\Users\Admin\AppData\Local\Temp\Open32.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 48
  2⤵
  - Program crash
  PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2164-0-0x0000000000850000-0x0000000000851000-memory.dmp

Filesize
4KB

Download