c8b169216a6b0aeaedf5232834865212402562922a26c15534148b04f0e88fec | Triage

Resubmissions

20/03/2023, 22:37

230320-2jz1vaff66 3

Analysis

max time kernel
7s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20/03/2023, 22:37

Sharing

Report Analysis Logs

General

Target

LustHunter.exe
Size

61KB
MD5

260bbb6863d0160718fd60998ab82e24
SHA1

eda83938098b906af9ee5cfa4dddf972dff36c94
SHA256

c8b169216a6b0aeaedf5232834865212402562922a26c15534148b04f0e88fec
SHA512

af899b319a1e4ff92d9a9195655d08b747d2b42b660ae7696abe1d566ede7b5312dc8a656d958600633d44bef0034d79ae1d1f7e6f2602b05665677484cc4a4f
SSDEEP

1536:IDGQiz6V7tMmtzuodZ2wAlC8pauZANvcX/c8G:EGGtFtaKZ6lCATZAN0Xh

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1680	1632	WerFault.exe	26

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1680	1632	LustHunter.exe	27
PID 1632 wrote to memory of 1680	1632	LustHunter.exe	27
PID 1632 wrote to memory of 1680	1632	LustHunter.exe	27

C:\Users\Admin\AppData\Local\Temp\LustHunter.exe
"C:\Users\Admin\AppData\Local\Temp\LustHunter.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1632 -s 56
  2⤵
  - Program crash
  PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1632-54-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download