570e1fbbd15009f0d56edb2184a174f8a72ff1b40abfd6adae8f642fa20ec4d7 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
17-10-2022 11:01

Sharing

Report Analysis Logs

General

Target

jng.exe
Size

1.3MB
MD5

6b060d81f647aa2882c0885bf9e83ca6
SHA1

48e28048527230f128419966924614bbe82184ef
SHA256

570e1fbbd15009f0d56edb2184a174f8a72ff1b40abfd6adae8f642fa20ec4d7
SHA512

96ae45eb16058f4d5e702d1daee9a90a15c6d3532eb344958cbfa632ca86c1fa56dfd67455e5060eabe6476da83578c0908d34b35b17c75ed017355710840405
SSDEEP

24576:ObUhX+Gnxh7lx3XoijuvvWNRkDFwcciL1:bX+GrjHoQuncRlcJL1

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1676	1388	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1676	1388	jng.exe	28
PID 1388 wrote to memory of 1676	1388	jng.exe	28
PID 1388 wrote to memory of 1676	1388	jng.exe	28
PID 1388 wrote to memory of 1676	1388	jng.exe	28

C:\Users\Admin\AppData\Local\Temp\jng.exe
"C:\Users\Admin\AppData\Local\Temp\jng.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 576
  2⤵
  - Program crash
  PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1388-54-0x0000000000FE0000-0x000000000113A000-memory.dmp

Filesize
1.4MB

Download