0b8fec8889ebfad93f64e181c290caacbc75a4062d09bc4bd2372fddaad372fa | Triage

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 04:56

Sharing

Report Analysis Logs

General

Target

6a1537a074283336a6434c260dd0bcf0N.exe
Size

128KB
MD5

6a1537a074283336a6434c260dd0bcf0
SHA1

cd5d19ed7c6613ed77b2be65d6390f5d3d6f8561
SHA256

0b8fec8889ebfad93f64e181c290caacbc75a4062d09bc4bd2372fddaad372fa
SHA512

3320d53a0a785fc622c0306195a93e8231159aac1866dc2692395e2b1ff92c585ed0e0b7669da12fe2120fceae6669d49778ba8f943a9484976d6a87196df07c
SSDEEP

768:8UUCTUUC151Npquv3RnFKE7pGnbcuyD7UJTE:8U5TU5bLpXRkPnouy8C

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2556	2112	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2556	2112	6a1537a074283336a6434c260dd0bcf0N.exe	30
PID 2112 wrote to memory of 2556	2112	6a1537a074283336a6434c260dd0bcf0N.exe	30
PID 2112 wrote to memory of 2556	2112	6a1537a074283336a6434c260dd0bcf0N.exe	30
PID 2112 wrote to memory of 2556	2112	6a1537a074283336a6434c260dd0bcf0N.exe	30

C:\Users\Admin\AppData\Local\Temp\6a1537a074283336a6434c260dd0bcf0N.exe
"C:\Users\Admin\AppData\Local\Temp\6a1537a074283336a6434c260dd0bcf0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 36
  2⤵
  - Program crash
  PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2112-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download