9229bf3c95eefabaf00e4221c0ff71ad3cb8c842a813d8a5816af2b0b15bba06 | Triage

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 21:30

Sharing

Report Analysis Logs

General

Target

夢魔个人远控GHOST+.3.78美化版/DivXAvi.exe
Size

31KB
MD5

1165f2a1b0823abe49b7661a7b020140
SHA1

26081e4aaa8b1ffc624fe2db56860e2b7692a469
SHA256

0e6563e748b51815c9af6e6b7c242da99ee633a3408b5b5b8ce14b1c9cb4fcd2
SHA512

4da6b74d2fa4129b1ae1f6a9e032c5da68aa841376f23ae647aa839c81082d8f330b130f3ede36af1b080a0aaa300da0a59d67fb912c96d687b01f482d3a40b4
SSDEEP

768:ZEP2MhadWk0jPcZ1Ie+TN44vM74kG3vYc1Iba7ed2t5:ZEP2MawPcZN+TSJ4R5845

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1120 1444 WerFault.exe DivXAvi.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

DivXAvi.exe

description	pid	process	target process
PID 1444 wrote to memory of 1120	1444	DivXAvi.exe	WerFault.exe
PID 1444 wrote to memory of 1120	1444	DivXAvi.exe	WerFault.exe
PID 1444 wrote to memory of 1120	1444	DivXAvi.exe	WerFault.exe
PID 1444 wrote to memory of 1120	1444	DivXAvi.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\夢魔个人远控GHOST+.3.78美化版\DivXAvi.exe
"C:\Users\Admin\AppData\Local\Temp\夢魔个人远控GHOST+.3.78美化版\DivXAvi.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 188
2⤵
- Program crash
PID:1120

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1120-56-0x0000000000000000-mapping.dmp

Download
memory/1444-54-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download
memory/1444-55-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1444-57-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download