3002ef1f5e6a76b35b85e831a91f3adddd31a80baa2623c045c745c34c6fff29 | Triage

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03/03/2023, 19:46

Sharing

Report Analysis Logs

General

Target

NewCP.exe
Size

374KB
MD5

84486246cccb93ef0e21fb7e20045423
SHA1

d5bc56862e3b27f63b37d0bc71036dbfd2b3af6e
SHA256

3002ef1f5e6a76b35b85e831a91f3adddd31a80baa2623c045c745c34c6fff29
SHA512

2007194b12a8afb0e8e23f9bdca25be833cf329be2e0f7d812c9b5e4d197a0643d701cbe734a5df983c7d8942cc97f35f65cf1fbfa57a38f30bf5f29c7593b1a
SSDEEP

6144:NZzvhs2Z4n1E7g34XtVYAOfTdMI+o7Vt85s96E9wkJU:NJ+2Z4nShVY5aUVtCsj9NJU

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1076	1376	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 1076	1376	NewCP.exe	28
PID 1376 wrote to memory of 1076	1376	NewCP.exe	28
PID 1376 wrote to memory of 1076	1376	NewCP.exe	28
PID 1376 wrote to memory of 1076	1376	NewCP.exe	28

C:\Users\Admin\AppData\Local\Temp\NewCP.exe
"C:\Users\Admin\AppData\Local\Temp\NewCP.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 92
  2⤵
  - Program crash
  PID:1076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads