3eb888d670c023ed90e5790a96e5de4a253f59a6175a17fbb54001f32b6ce700 | Triage

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 19:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Recton.exe
Size

85KB
MD5

0a9468bcb6a061aeb86ce2d097f99aaa
SHA1

049b57ebfbade09f2acd3bba8004fd268e9f0ba3
SHA256

56d377beb41152c614a15131b4331bdd2092500902fc918d48b073c6dc36507a
SHA512

c83b043f86445bbf72605cd0189e15e462963a3a71b7cde9c65a8e7c7db818eb612b9d8790e10fcdb985ef042945988d7812f20acf85910d687d240e46a7eebb
SSDEEP

1536:VlBeGeDeqFsLpLSOETWSN8Yv/PX5AAeYAD8GXN+I7fJ+aCl1feT:VlBeGeKOhtSSFpNevzoI7h+aS1GT

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1356	1308	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1356	1308	Recton.exe	27
PID 1308 wrote to memory of 1356	1308	Recton.exe	27
PID 1308 wrote to memory of 1356	1308	Recton.exe	27
PID 1308 wrote to memory of 1356	1308	Recton.exe	27

C:\Users\Admin\AppData\Local\Temp\Recton.exe
"C:\Users\Admin\AppData\Local\Temp\Recton.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 148
  2⤵
  - Program crash
  PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1308-55-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download