ca882c9c2b1f06e2ff53c865cb751489f0bf472e5b5d2e13dd1d8958cb759740 | Triage

Analysis

max time kernel
112s
max time network
20s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 11:55

Sharing

Report Analysis Logs

General

Target

d405780a81546a2f051815c7e46a7020N.exe
Size

461KB
MD5

d405780a81546a2f051815c7e46a7020
SHA1

c987cefdd0737dcb420f92ece7d9e3d2ba7bed26
SHA256

ca882c9c2b1f06e2ff53c865cb751489f0bf472e5b5d2e13dd1d8958cb759740
SHA512

3a0e58fad79b3fdd489f7ed0d2651444bbf764c89c2048094b919f3caf626364a84f1657971276016378639c3b8c9c80e8da979c192b4d422c9a9cfc849dc2a4
SSDEEP

6144:KWnM8NQDVi3ULUgNQPi3UPUgNQViEUjUgN:KqiUJ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2052	2504	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2052	2504	d405780a81546a2f051815c7e46a7020N.exe	29
PID 2504 wrote to memory of 2052	2504	d405780a81546a2f051815c7e46a7020N.exe	29
PID 2504 wrote to memory of 2052	2504	d405780a81546a2f051815c7e46a7020N.exe	29
PID 2504 wrote to memory of 2052	2504	d405780a81546a2f051815c7e46a7020N.exe	29

C:\Users\Admin\AppData\Local\Temp\d405780a81546a2f051815c7e46a7020N.exe
"C:\Users\Admin\AppData\Local\Temp\d405780a81546a2f051815c7e46a7020N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 140
  2⤵
  - Program crash
  PID:2052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2504-0-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download