Overview

overview

3

Static

static

3

PlusERP.exe

windows7-x64

3

PlusERP.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2023, 09:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PlusERP.exe

  • Size

    7.1MB

  • MD5

    f754f2405097b1f4b181a56e0c2cdaf2

  • SHA1

    852f4fc54f3815b8997b072f74a03b401d0eab1e

  • SHA256

    11c6b253aaede403287e3ba93412a1e09820a642171551346c3548cb9bf603c2

  • SHA512

    7c014e06ef5d6e38a6e6174a4966682cc6f21309a2fe0390b9fc7f881c651ff97dcf53b7e7c04509e807dfacdffe313852c27ac2d813cdbadc95787e3e24ca44

  • SSDEEP

    196608:2Pza57yWAmOfAh6a/ZvdWcen/BJXmRM1mkt:22yWApWo3pJgM1N

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PlusERP.exe
    "C:\Users\Admin\AppData\Local\Temp\PlusERP.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 696
      2⤵
      • Program crash
      PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1400-54-0x00000000008E0000-0x0000000000FF6000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/1400-55-0x00000000047A0000-0x00000000047E0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1400-56-0x00000000047A0000-0x00000000047E0000-memory.dmp

    Filesize

    256KB

    Download