f3f5f25a09a045608b0741dfb1549f3a9856aae7fe2b7ce0a7bcb375c1ee10a0 | Triage

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07/06/2023, 14:41

Sharing

Report Analysis Logs

General

Target

pngtool.exe
Size

9.8MB
MD5

76405833c37ea7b0dba93aa03ce3bb13
SHA1

31c7cebdc40b244a23a00d2907af349ffaaba316
SHA256

f3f5f25a09a045608b0741dfb1549f3a9856aae7fe2b7ce0a7bcb375c1ee10a0
SHA512

2ea3f43bc0290041ed8a22889d2c808fbd891ce0bd714018558cb8d31e3b046d0a0c4f6510c9235ffa72270292cda04f95ccb07cdd16c38e21ae5734fa94ace6
SSDEEP

196608:RS7w5LFnPU1DnYPoHwiJU4I6viuDXm2bXqR298TLM+DdG6FHa:RS7wddYQEUZ6agyaKo+J96

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1368	2028	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1368	2028	pngtool.exe	29
PID 2028 wrote to memory of 1368	2028	pngtool.exe	29
PID 2028 wrote to memory of 1368	2028	pngtool.exe	29

C:\Users\Admin\AppData\Local\Temp\pngtool.exe
"C:\Users\Admin\AppData\Local\Temp\pngtool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2028 -s 100
  2⤵
  - Program crash
  PID:1368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads