74433f980beff2dd490f1d4aa770c208b63aab4f4785c68492b54eec156ed8eb | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/05/2023, 12:03

Sharing

Report Analysis Logs

General

Target

Poe show buff.exe
Size

34KB
MD5

0624e983400c738cae1b645036ea4142
SHA1

be38b3fa18e7792a7f292ff9de473206496db712
SHA256

74433f980beff2dd490f1d4aa770c208b63aab4f4785c68492b54eec156ed8eb
SHA512

e43f1942919bc755d19e0ada706a88c9221ff5c2df7d451b1d3fe22261915f02c61c913ca332c06598b7357c545dcff040299807a951a6f163337e600af37ceb
SSDEEP

768:ti3v3d6oGOC3L+wlzww1OUH5E7SGaa2X:ti5GOCzwwMUHKQ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
828	1680	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 828	1680	Poe show buff.exe	28
PID 1680 wrote to memory of 828	1680	Poe show buff.exe	28
PID 1680 wrote to memory of 828	1680	Poe show buff.exe	28

C:\Users\Admin\AppData\Local\Temp\Poe show buff.exe
"C:\Users\Admin\AppData\Local\Temp\Poe show buff.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1680 -s 504
  2⤵
  - Program crash
  PID:828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-54-0x0000000000D00000-0x0000000000D0E000-memory.dmp

Filesize
56KB

Download