8129223972fb532baa3fd67b5a20d3c4d12f3fe42d8a7547e38f75e3a52df37e | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 00:22

Sharing

Report Analysis Logs

General

Target

64484fbd938448a71202c90d151fc8e4.exe
Size

817KB
MD5

64484fbd938448a71202c90d151fc8e4
SHA1

e52bd39a933ab6762292e38caa2001c1dfeea5b9
SHA256

8129223972fb532baa3fd67b5a20d3c4d12f3fe42d8a7547e38f75e3a52df37e
SHA512

5f53808393f00cedc552462c53045cfb8e8fe6bc7a32eced72fce255b454fde24fe350841e800b46424747af16fdf615d709532d11fd67a926ee15a5dadae676
SSDEEP

24576:FgLNqLM6+dQtWfgi4HShiO8nYq0MYduMTxG:PM6+dQtWfbCO8nYHMY1

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2508	3048	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2508	3048	64484fbd938448a71202c90d151fc8e4.exe	31
PID 3048 wrote to memory of 2508	3048	64484fbd938448a71202c90d151fc8e4.exe	31
PID 3048 wrote to memory of 2508	3048	64484fbd938448a71202c90d151fc8e4.exe	31
PID 3048 wrote to memory of 2508	3048	64484fbd938448a71202c90d151fc8e4.exe	31

C:\Users\Admin\AppData\Local\Temp\64484fbd938448a71202c90d151fc8e4.exe
"C:\Users\Admin\AppData\Local\Temp\64484fbd938448a71202c90d151fc8e4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 108
  2⤵
  - Program crash
  PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3048-0-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download