071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37 | Triage

Analysis

max time kernel
15s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 15:09

Sharing

Report Analysis Logs

General

Target

crypt6.exe
Size

512KB
MD5

a957dc16d684fbd7e12fc87e8ee12fea
SHA1

20c73ccfdba13fd9b79c9e02432be39e48e4b37d
SHA256

071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37
SHA512

fd6982587fba779d6febb84dfa65ec3e048e17733c2f01b61996bedb170bb4bb1cbb822c0dd2cf44a7e601373abaf499885b13b7957dd2a307bbd8f2120e9b3b
SSDEEP

12288:4iFfKsLIh/4hBNR3lfo4T4A1i5g70dbRFpJtRSfF:40iP/E/pigb1i5Q0dbLLWf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2556	2056	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2556	2056	crypt6.exe	30
PID 2056 wrote to memory of 2556	2056	crypt6.exe	30
PID 2056 wrote to memory of 2556	2056	crypt6.exe	30
PID 2056 wrote to memory of 2556	2056	crypt6.exe	30

C:\Users\Admin\AppData\Local\Temp\crypt6.exe
"C:\Users\Admin\AppData\Local\Temp\crypt6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 96
  2⤵
  - Program crash
  PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2056-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download