5f02d11f87d53b8e02eb1a943c553c969dc80f57bad64fedd842b5607109a141 | Triage

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:05

Sharing

Report Analysis Logs

General

Target

EXEPackager/样本/《银狐》片头.exe
Size

3.4MB
MD5

67ff7135cda8b9314deb666b14256c7c
SHA1

25dc3c7c0281cdc4a55743e6c3faa3d6babff031
SHA256

90a181a6a771a88cd38179d4a60cea2a3a88eed946aed6aa1a7838d0428f6643
SHA512

9dcf81ce26d6f2d9bcb15a1c4ccc9ae0e21d181f7813fe4ff5c04b8995312a849b20830a6379d436843be069894347fb246229b4a735243b0949482fda7c9577
SSDEEP

98304:6F/2+PLt0YwGMf0e3JpZElQ2Fh4vr40mhOBe2r:61VPL2GMfH5ElHFh4v806S

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1112 1384 WerFault.exe 《银狐》片头.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

《银狐》片头.exe

description	pid	process	target process
PID 1384 wrote to memory of 1112	1384	《银狐》片头.exe	WerFault.exe
PID 1384 wrote to memory of 1112	1384	《银狐》片头.exe	WerFault.exe
PID 1384 wrote to memory of 1112	1384	《银狐》片头.exe	WerFault.exe
PID 1384 wrote to memory of 1112	1384	《银狐》片头.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\EXEPackager\样本\《银狐》片头.exe
"C:\Users\Admin\AppData\Local\Temp\EXEPackager\样本\《银狐》片头.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 420
2⤵
- Program crash
PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1112-55-0x0000000000000000-mapping.dmp

Download
memory/1384-54-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download