1916508444f556a0bbaa66818f21f4ad58e7448552a112880d1b94433363684b | Triage

Analysis

max time kernel
37s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
15/02/2023, 01:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

victoria2.exe
Size

36KB
MD5

4da5ddd8b77676e269a4a0e46c191e30
SHA1

4c91454e579e2f9b835cc9d3193dba09029ea389
SHA256

1916508444f556a0bbaa66818f21f4ad58e7448552a112880d1b94433363684b
SHA512

a41734c735fd70fc3528345aae38269153141e59a5129ebc7e971a5e920df6b4c07c66345549f8c24b367ef4acf4cb5ceac2221846b5df9685c10ea1a86e8b48
SSDEEP

384:9v7mT+JloDkj9gGZiJ1nkypQh3TiO6UNljqShKhjzlmIFxJ6Ry2+j:9v6TKX9gG43pyjJKD/FqRy

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 1764	1572	victoria2.exe	28
PID 1572 wrote to memory of 1764	1572	victoria2.exe	28
PID 1572 wrote to memory of 1764	1572	victoria2.exe	28
PID 1572 wrote to memory of 1764	1572	victoria2.exe	28

C:\Users\Admin\AppData\Local\Temp\victoria2.exe
"C:\Users\Admin\AppData\Local\Temp\victoria2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 428
  2⤵
  PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1572-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/1572-57-0x0000000074700000-0x0000000074CAB000-memory.dmp

Filesize
5.7MB

Download
memory/1572-58-0x0000000074700000-0x0000000074CAB000-memory.dmp

Filesize
5.7MB

Download
memory/1572-59-0x0000000074700000-0x0000000074CAB000-memory.dmp

Filesize
5.7MB

Download