740d3eed87978a2b1e9acd81b694978e98a1e08de6317b5ef788b8b3eb25e781 | Triage

Analysis

max time kernel
873s
max time network
876s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/01/2023, 19:29

Sharing

Report Analysis Logs

General

Target

syslog.exe
Size

170KB
MD5

6b7311d922268780448249d960f294ab
SHA1

a19844873e480e431094e7647715204a53524875
SHA256

740d3eed87978a2b1e9acd81b694978e98a1e08de6317b5ef788b8b3eb25e781
SHA512

06cae5b25f2ace78c080eeb5183367e9cf7e00ae81cca9b53d23a649dadf1ee095d7a6a0fa9ceb00d1bb3bf5115451a6f14e22676bcec450d573e27b5bde1cc6
SSDEEP

3072:GzP2RWKMx1W2DJDEck1P0mHq3+oqFKGhF/hsRZzFPk2I111KYTI1Uk19Xx86:ayWKMx86deiKFxhhGHMzTy1Rp

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1188	1184	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1188	1184	syslog.exe	28
PID 1184 wrote to memory of 1188	1184	syslog.exe	28
PID 1184 wrote to memory of 1188	1184	syslog.exe	28
PID 1184 wrote to memory of 1188	1184	syslog.exe	28

C:\Users\Admin\AppData\Local\Temp\syslog.exe
"C:\Users\Admin\AppData\Local\Temp\syslog.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 36
  2⤵
  - Program crash
  PID:1188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1184-55-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download