495fbfecbcadb103389cc33828db139fa6d66bece479c7f70279834051412d72 | Triage

Resubmissions

18/04/2023, 12:36

230418-ptbpsabd55 3

18/04/2023, 05:10

230418-ftprzahg42 3

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18/04/2023, 05:10

Sharing

Report Analysis Logs

General

Target

NOTEPAD.exe
Size

2.6MB
MD5

9756b1c7d0001100fdde3efefb7e086f
SHA1

55de88118fe8abefb29dec765df7f78785908621
SHA256

495fbfecbcadb103389cc33828db139fa6d66bece479c7f70279834051412d72
SHA512

d9497cd0af40cc3149db52aee1ba333e8261232ff00e6e7208eaac639fba533d6931828823c3c3211bddf083260904d77d595d877070eb218075b1f631e13f07
SSDEEP

49152:kNJLuf3HJrb/TfvO90d7HjmAFd4A64nsfJjogr1n3wSmZD1UCu5ErgXpS/IXF+9c:Tf3SvEoDY95e

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1704	1492	WerFault.exe	26

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 1704	1492	regsvr32.exe	27
PID 1492 wrote to memory of 1704	1492	regsvr32.exe	27
PID 1492 wrote to memory of 1704	1492	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NOTEPAD.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1492 -s 220
  2⤵
  - Program crash
  PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads