f3d7237a1eacaaafcb8515f57d81a21d035d91c779022d9a7ff91bb9cd4dd6fc | Triage

Analysis

max time kernel
119s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/03/2023, 15:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

iivsulmrz.exe
Size

137KB
MD5

617e72c3ebe8bb2cd57779aba5135adb
SHA1

55079e56815780aa78d12a4691c4282c9f93a145
SHA256

f3d7237a1eacaaafcb8515f57d81a21d035d91c779022d9a7ff91bb9cd4dd6fc
SHA512

f6f467f1131ad82dd51f44ad7057e45c294a758aa9c10dc2d69272a4ac2e6bebd0e1f5fe0c4363d37b1be4f1fb18f645e0d2036047050bcec626a0a7fcc92bde
SSDEEP

3072:EBiBQROBhUZ+F+XZzlD05wVME57izZxEQvuyM7m0Bnn7mS9z3A8m7:QXRaUoFKZzaCVr7iXuAM3hm7

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1224	1744	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 1224	1744	iivsulmrz.exe	29
PID 1744 wrote to memory of 1224	1744	iivsulmrz.exe	29
PID 1744 wrote to memory of 1224	1744	iivsulmrz.exe	29
PID 1744 wrote to memory of 1224	1744	iivsulmrz.exe	29

C:\Users\Admin\AppData\Local\Temp\iivsulmrz.exe
"C:\Users\Admin\AppData\Local\Temp\iivsulmrz.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 192
  2⤵
  - Program crash
  PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads