ec50ad398485aea0e26629f2080d8ccca6f80fe804f4fa0c6a34bfa2f7e57d28 | Triage

Analysis

max time kernel
26s
max time network
29s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31/05/2023, 06:51

Sharing

Report Analysis Logs

General

Target

VtdSpZinDimen.exe
Size

10.7MB
MD5

fe2fb7c73608108dffa14fe61601d63d
SHA1

2916090dae2def967f557529fb31ceeabb7489a6
SHA256

ec50ad398485aea0e26629f2080d8ccca6f80fe804f4fa0c6a34bfa2f7e57d28
SHA512

99a69b549bc74894c96a2888d58ec82274804ca6692c527364ae77ce6920e5ea505af3d3b8271811da304873e772b6160bbba442c7e7d4b18395464fcf3ba422
SSDEEP

196608:exvLjOAYhDnvXzNDUXpMe5OcwwmpdCG0:eYrDvX6uGmp

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2000	1196	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 2000	1196	VtdSpZinDimen.exe	27
PID 1196 wrote to memory of 2000	1196	VtdSpZinDimen.exe	27
PID 1196 wrote to memory of 2000	1196	VtdSpZinDimen.exe	27
PID 1196 wrote to memory of 2000	1196	VtdSpZinDimen.exe	27

C:\Users\Admin\AppData\Local\Temp\VtdSpZinDimen.exe
"C:\Users\Admin\AppData\Local\Temp\VtdSpZinDimen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 572
  2⤵
  - Program crash
  PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1196-54-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1196-55-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/1196-56-0x0000000000400000-0x0000000000F50000-memory.dmp

Filesize
11.3MB

Download
memory/1196-57-0x0000000000400000-0x0000000000F50000-memory.dmp

Filesize
11.3MB

Download