Analysis

  • max time kernel
    28s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    05/04/2023, 19:24

General

  • Target

    Riot Cracker.exe

  • Size

    17KB

  • MD5

    1b2a81f9a34c97a9ea5b3a10477628b7

  • SHA1

    3fe2e652f8d7aa368e20539635264470f3aac935

  • SHA256

    5c9d11d4dde405bb24ab8c2a7641a2b0eab2ac5cb303fb48e184ff3a8b48f101

  • SHA512

    37461fa1d96783e73d40dc372613fd4c3ff303bc04fef41dd8eab6128964813a23a5f5249ef7a65a9d52c48e75e14920d95ec66b618e9deff9a1d51ff3be85c8

  • SSDEEP

    384:2b+ZUrLdgYVYkjM1qw1Bg/dfk57mY3UwlsJT95bt:5+M1qw1BYcqlDbt

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Riot Cracker.exe
    "C:\Users\Admin\AppData\Local\Temp\Riot Cracker.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 580
      2⤵
      • Program crash
      PID:916

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2024-54-0x0000000000B40000-0x0000000000B4A000-memory.dmp

          Filesize

          40KB

        • memory/2024-55-0x0000000000430000-0x000000000044C000-memory.dmp

          Filesize

          112KB

        • memory/2024-56-0x0000000000630000-0x0000000000670000-memory.dmp

          Filesize

          256KB

        • memory/2024-57-0x0000000000630000-0x0000000000670000-memory.dmp

          Filesize

          256KB