58d2fed4bddfaf9993f60713206575bde2a3f69e40f9ad863bac6470f55c036f | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18/03/2023, 10:53

Sharing

Report Analysis Logs

General

Target

Dota.exe
Size

5KB
MD5

faf7a97b752f91a305fadb44fd7a280c
SHA1

aa6791e0c1f01ab3cf3169a0abc3613beb2c9af8
SHA256

58d2fed4bddfaf9993f60713206575bde2a3f69e40f9ad863bac6470f55c036f
SHA512

b48b23d1d201154893043d093ec72fd61f169a2645b2f01fc9e6a007eae15cf55386ca800d57ed270533d97416f2d65544dfa6977af92de8524af27024cbdebf
SSDEEP

96:SJ2+emdiK1ig+qXeCm8ywbk8e4wbaozNt:f+emsKJTNmwQ8eZbaq

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1720	1700	WerFault.exe	22

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1720	1700	Dota.exe	28
PID 1700 wrote to memory of 1720	1700	Dota.exe	28
PID 1700 wrote to memory of 1720	1700	Dota.exe	28

C:\Users\Admin\AppData\Local\Temp\Dota.exe
"C:\Users\Admin\AppData\Local\Temp\Dota.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1700 -s 608
  2⤵
  - Program crash
  PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-54-0x000000013F310000-0x000000013F316000-memory.dmp

Filesize
24KB

Download
memory/1700-55-0x000000001ADD0000-0x000000001AE50000-memory.dmp

Filesize
512KB

Download
memory/1700-56-0x000000001ADD0000-0x000000001AE50000-memory.dmp

Filesize
512KB

Download