a55d483fa0c04fd11398fa59c133b3a821e17dfd025856864b3e8ee64cb32a83 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/10/2022, 20:18

Sharing

Report Analysis Logs

General

Target

SOA.exe
Size

271KB
MD5

76908d130188008ff543f181322c4fe1
SHA1

dd9238c4e28b2f79e265827d300470191c56335b
SHA256

a55d483fa0c04fd11398fa59c133b3a821e17dfd025856864b3e8ee64cb32a83
SHA512

c413aca425ce1f6c4f795034660ef9ef8690ee32905a38aaa34b2eb113dcd1fddddf189525d22c519b3f4ee594bddf8dee869c96edbb4f7bc4dabfd263d71487
SSDEEP

6144:y1IPV0BOC25lDbaSPuKz6N68buEPtkZcuvM1Z7bAawRRh:2uLCLAuKz8iElfJATRb

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1104	1948	WerFault.exe	26

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1104	1948	SOA.exe	27
PID 1948 wrote to memory of 1104	1948	SOA.exe	27
PID 1948 wrote to memory of 1104	1948	SOA.exe	27

C:\Users\Admin\AppData\Local\Temp\SOA.exe
"C:\Users\Admin\AppData\Local\Temp\SOA.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1948 -s 524
  2⤵
  - Program crash
  PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1948-54-0x0000000000EB0000-0x0000000000EF8000-memory.dmp

Filesize
288KB

Download