7510cb4cbd39a8d25be809fa1a31af5ab7b4a88c381b34104fafc9f742d0e54c | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 16:10

Sharing

Report Analysis Logs

General

Target

e6dc35756e7e2cb86cf9440d8ac77a70N.exe
Size

184KB
MD5

e6dc35756e7e2cb86cf9440d8ac77a70
SHA1

2482800d5da21446c6343024661175cc7fd61923
SHA256

7510cb4cbd39a8d25be809fa1a31af5ab7b4a88c381b34104fafc9f742d0e54c
SHA512

5ac1b39c62cc38debd1c4daf78e8a6914bbf3d2360581bf58a3e56c6ca40bb1657194c404eabe454ff35d7a411880fb8ecee81c3c25a6c8e8ad91866b2d61eb8
SSDEEP

3072:FQS7FSonrXzSjowtWunSVdXUlvnqnziul:FQxovYowfSLXUlPqnziu

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2832	2020	WerFault.exe	29

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2020	e6dc35756e7e2cb86cf9440d8ac77a70N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2832	2020	e6dc35756e7e2cb86cf9440d8ac77a70N.exe	30
PID 2020 wrote to memory of 2832	2020	e6dc35756e7e2cb86cf9440d8ac77a70N.exe	30
PID 2020 wrote to memory of 2832	2020	e6dc35756e7e2cb86cf9440d8ac77a70N.exe	30
PID 2020 wrote to memory of 2832	2020	e6dc35756e7e2cb86cf9440d8ac77a70N.exe	30

C:\Users\Admin\AppData\Local\Temp\e6dc35756e7e2cb86cf9440d8ac77a70N.exe
"C:\Users\Admin\AppData\Local\Temp\e6dc35756e7e2cb86cf9440d8ac77a70N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 244
  2⤵
  - Program crash
  PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-1-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download