267611a017bb24a4c7b3231f4c5bd2688265fe0c59a30d3ce463a84cd8d7b76a | Triage

Analysis

max time kernel
25s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/04/2023, 14:31

Sharing

Report Analysis Logs

General

Target

MinerTool.exe
Size

40KB
MD5

0dfe83136b69ed4a73942bb0c7644b1f
SHA1

9acaab2849898baba383bda2f77c1416d12c0ded
SHA256

c69fe4b52893fbc88736e942fe1b0ba4b57affaf4b53ab2d52506e50acadecc8
SHA512

2cefadf0fb1680ca4adadf4a34771a4071a4e70349f44f01adfc9834e776880e36561e23e8d4c77ff6f2612e0383ccb27d68556c6db4aeed4356df3895319f02
SSDEEP

768:lg5/atKE3OcUKctYMeXsmp4d1YTH29bw+e6gfD3uMHovZU4E0pOI:S5/at4YbCd0Hl+Eu/Uupj

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1204	628	WerFault.exe	20

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 1204	628	MinerTool.exe	29
PID 628 wrote to memory of 1204	628	MinerTool.exe	29
PID 628 wrote to memory of 1204	628	MinerTool.exe	29

C:\Users\Admin\AppData\Local\Temp\MinerTool.exe
"C:\Users\Admin\AppData\Local\Temp\MinerTool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:628
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 628 -s 500
  2⤵
  - Program crash
  PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/628-54-0x0000000000950000-0x0000000000960000-memory.dmp

Filesize
64KB

Download