51c6d3cd9249e927efdddbafd5af5f46c2ef020391152e07192dd17b0c693f76 | Triage

Resubmissions

25/03/2023, 20:07

230325-yv4lmaec45 3

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
25/03/2023, 20:07

Sharing

Report Analysis Logs

General

Target

LiveSplit.exe
Size

416KB
MD5

9f06610824238ed4bdb36055b7e7c462
SHA1

b7c5e73bc7a61fe7ad6b87912f2c4919432678af
SHA256

51c6d3cd9249e927efdddbafd5af5f46c2ef020391152e07192dd17b0c693f76
SHA512

8e603325d6496cc60fe858e8e72fede5f722cb036b7d71e1dfaef42b16a88a35e5495a1955e360ed6b2f13ee942ccb6a0a9ebd9ff5b26cf94af4c0ed36eb2654
SSDEEP

6144:terdtpCR/9Fc9zgsHL7irKVnbEVbFWXNWeuXIP1feik1QP9TDFt:crdbSnugsCsnEMNH1fO8

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
920	2036	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 920	2036	LiveSplit.exe	28
PID 2036 wrote to memory of 920	2036	LiveSplit.exe	28
PID 2036 wrote to memory of 920	2036	LiveSplit.exe	28

C:\Users\Admin\AppData\Local\Temp\LiveSplit.exe
"C:\Users\Admin\AppData\Local\Temp\LiveSplit.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2036 -s 536
  2⤵
  - Program crash
  PID:920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-54-0x0000000001330000-0x000000000139E000-memory.dmp

Filesize
440KB

Download