a60545be885c890fe90acc7dc00033eebb95cdfbf2ddd635e2cd85aca66cd362 | Triage

Analysis

max time kernel
140s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14-06-2023 09:38

Sharing

Report Analysis Logs

General

Target

报表编辑器（有二维码）.exe
Size

1.8MB
MD5

8ac95ba4860a69e1bdbaac3198d78683
SHA1

a3e7ea497431723b55a21eb45b5d278401fea464
SHA256

a60545be885c890fe90acc7dc00033eebb95cdfbf2ddd635e2cd85aca66cd362
SHA512

98ee6d3552adbe5b4fc51edb627bff384910e0295f1f4cd469beb6aef47fc4af461e55e14ae368b8db41dcf7bdca1413e4bffae3571acd0329326207bf7b4c83
SSDEEP

49152:jXYGhOmOiw52PVTMga7T4It3TQ7xS9J/YTWkC6Nm1:88ORAwsq3N8Jm1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

报表编辑器（有二维码）.exe

description	pid	process	target process
PID 1984 wrote to memory of 904	1984	报表编辑器（有二维码）.exe	splwow64.exe
PID 1984 wrote to memory of 904	1984	报表编辑器（有二维码）.exe	splwow64.exe
PID 1984 wrote to memory of 904	1984	报表编辑器（有二维码）.exe	splwow64.exe
PID 1984 wrote to memory of 904	1984	报表编辑器（有二维码）.exe	splwow64.exe

C:\Users\Admin\AppData\Local\Temp\报表编辑器（有二维码）.exe
"C:\Users\Admin\AppData\Local\Temp\报表编辑器（有二维码）.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
2⤵
PID:904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1984-54-0x0000000000400000-0x0000000000A74000-memory.dmp

Filesize
6.5MB

Download
memory/1984-55-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1984-57-0x0000000000400000-0x0000000000A74000-memory.dmp

Filesize
6.5MB

Download
memory/1984-58-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download