a14b4b6c8c39fc86667f5291d56f94339e5516ca45a08fb3479c9cb38b03bfc5 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 07:04

Sharing

Report Analysis Logs

General

Target

636f4880444e9cefb984f6e8536ac950N.exe
Size

184KB
MD5

636f4880444e9cefb984f6e8536ac950
SHA1

99c8c40615d72c7189413307128ad59c12449a70
SHA256

a14b4b6c8c39fc86667f5291d56f94339e5516ca45a08fb3479c9cb38b03bfc5
SHA512

53ffa3a3acbaf20c02ec26cff0d686cc7ce3af18dc86097006fa219eae21f3b9e884e57822007781624b7338f9f28a3545eeaaa71a84afa4c8ac27f6c819ea24
SSDEEP

3072:fTPvckodAOrAd4lZWixn8NNzulvnqnxiu9:fTDo784lR8jzulPqnxiu

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
772	2008	WerFault.exe	29

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2008	636f4880444e9cefb984f6e8536ac950N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 772	2008	636f4880444e9cefb984f6e8536ac950N.exe	30
PID 2008 wrote to memory of 772	2008	636f4880444e9cefb984f6e8536ac950N.exe	30
PID 2008 wrote to memory of 772	2008	636f4880444e9cefb984f6e8536ac950N.exe	30
PID 2008 wrote to memory of 772	2008	636f4880444e9cefb984f6e8536ac950N.exe	30

C:\Users\Admin\AppData\Local\Temp\636f4880444e9cefb984f6e8536ac950N.exe
"C:\Users\Admin\AppData\Local\Temp\636f4880444e9cefb984f6e8536ac950N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 200
  2⤵
  - Program crash
  PID:772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads