d41c21b57ae15f564095e9994c5b465ccb4984fade41991e3890148b2123e992 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 22:52

Sharing

Report Analysis Logs

General

Target

231ec0cb3d8fb9af1ff0c8231ae4cec0N.exe
Size

472KB
MD5

231ec0cb3d8fb9af1ff0c8231ae4cec0
SHA1

7c5410fe46b739792a9182cf94df4a88680672f4
SHA256

d41c21b57ae15f564095e9994c5b465ccb4984fade41991e3890148b2123e992
SHA512

d896cbd7fc62cc5c1abe38eb57a6dbb75e2d212c3cfd556a2182a35fc1bd042d1d7c415deb8182b846d8663575eb07c80173515a1f51d98463953804f6303c88
SSDEEP

3072:EAq8RinudiP52xx67lLdWiHDooAIAEMbmh99abx+0F:ECkgiPA6R8PoNvk+c

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1604	1748	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 1604	1748	231ec0cb3d8fb9af1ff0c8231ae4cec0N.exe	30
PID 1748 wrote to memory of 1604	1748	231ec0cb3d8fb9af1ff0c8231ae4cec0N.exe	30
PID 1748 wrote to memory of 1604	1748	231ec0cb3d8fb9af1ff0c8231ae4cec0N.exe	30
PID 1748 wrote to memory of 1604	1748	231ec0cb3d8fb9af1ff0c8231ae4cec0N.exe	30

C:\Users\Admin\AppData\Local\Temp\231ec0cb3d8fb9af1ff0c8231ae4cec0N.exe
"C:\Users\Admin\AppData\Local\Temp\231ec0cb3d8fb9af1ff0c8231ae4cec0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 36
  2⤵
  - Program crash
  PID:1604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-1-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download