91618a26eb2c2c748db2d9f4246519b0cbf9d6e2c1016df4aae88fb4263ea0ca | Triage

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 12:21

Sharing

Report Analysis Logs

General

Target

LiveSplit.exe
Size

416KB
MD5

515abb8920eb9bf4ec37a857dc6f92f7
SHA1

f18c724716f8e59d251222e354cfc0f14c05d6c0
SHA256

91618a26eb2c2c748db2d9f4246519b0cbf9d6e2c1016df4aae88fb4263ea0ca
SHA512

f914132c626a0ca08f11d12f5146b21c83c1cccba3225ac5c07f1de3dcdc1f28c8ede80bd0b46cdb96ed42b10fe0de7b74f4cb5f33cad0274589b4b3ddfab838
SSDEEP

6144:ZIrdtpCR/9Fc9zgsHL7irKVnbEVbFWXNWeuXIP1feik1QP9TDFt:2rdbSnugsCsnEMNH1fO8

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2156	2368	WerFault.exe	28

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2156	2368	LiveSplit.exe	29
PID 2368 wrote to memory of 2156	2368	LiveSplit.exe	29
PID 2368 wrote to memory of 2156	2368	LiveSplit.exe	29

C:\Users\Admin\AppData\Local\Temp\LiveSplit.exe
"C:\Users\Admin\AppData\Local\Temp\LiveSplit.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2368 -s 536
  2⤵
  - Program crash
  PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2368-54-0x0000000000E50000-0x0000000000EBE000-memory.dmp

Filesize
440KB

Download