Analysis

  • max time kernel
    28s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2023, 00:43

General

  • Target

    service_updated.exe

  • Size

    26KB

  • MD5

    41129b2de89d99f0bd5e1ad1f6440eef

  • SHA1

    48ed7f4ed02069d40eca3e1398cda78df33d94e7

  • SHA256

    6573a46dcc3f3695b69d5f395bc71515b34890ddc4a73b017afab37421512542

  • SHA512

    93c22380c3ae75a1cc087716b94665626b6e0418dc4e1eb65afee536282571ed3a28607a3cf4b7ff1fbbd9ad0cda70349d556c4b0b9a17981357100c6a0d7eca

  • SSDEEP

    384:sJJo2hYvWMUMGYZacX1weJiPRQMFWsXrMTW4g1CwL1CyDb+/cG7myv+pQ6ZD0m3H:lEHqSeJiJVXrM41v1C8bpCT+Zgm3HtN

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\service_updated.exe
    "C:\Users\Admin\AppData\Local\Temp\service_updated.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1340 -s 540
      2⤵
      • Program crash
      PID:1076

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1340-54-0x0000000000CF0000-0x0000000000CFC000-memory.dmp

          Filesize

          48KB