0c642101db403a83084fff72366dcde738035194ce8c158ff48038e3347045ea | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/03/2023, 19:34

Sharing

Report Analysis Logs

General

Target

tModLoaderServer.exe
Size

7.4MB
MD5

1aea18d8b12c580a44871f907722e376
SHA1

7ef5964bc3f884c4d1dee609a7a753f0d5effa48
SHA256

698751d56aa84ba5b4973b5eb3a809cf33e190ceb20808474fb8dc6245663e53
SHA512

614c00eb4b591e948c96021d3070d8e6f1a79e7024429620dddaffa85f2b23efd9d7db09c6627f798a5848d97cebf37cd91bb8571929ce8e1435d898282c0399
SSDEEP

98304:huhhwoU0ek13nzJJg7mp8vzu7qv4ipmmlSs+8sJelba:4hyoBnz1pUzu7qv45Ksslba

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
908	1328	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 908	1328	tModLoaderServer.exe	29
PID 1328 wrote to memory of 908	1328	tModLoaderServer.exe	29
PID 1328 wrote to memory of 908	1328	tModLoaderServer.exe	29
PID 1328 wrote to memory of 908	1328	tModLoaderServer.exe	29

C:\Users\Admin\AppData\Local\Temp\tModLoaderServer.exe
"C:\Users\Admin\AppData\Local\Temp\tModLoaderServer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 544
  2⤵
  - Program crash
  PID:908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1328-54-0x00000000011E0000-0x0000000001954000-memory.dmp

Filesize
7.5MB

Download
memory/1328-55-0x0000000004EC0000-0x0000000004F00000-memory.dmp

Filesize
256KB

Download
memory/1328-56-0x0000000004EC0000-0x0000000004F00000-memory.dmp

Filesize
256KB

Download