a42d9f80ef502f004ebd0b850164d9706da51359f1bd27dde891c66f4ba8e55b | Triage

Analysis

max time kernel
8s
max time network
3s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16-07-2023 11:17

Sharing

Report Analysis Logs

General

Target

BLTools v2.4 (2).exe
Size

4.6MB
MD5

c7f2e182794882c0450f6674439d983c
SHA1

274bc5d7c138648b41c4b37ad43cc37e7e11f337
SHA256

a42d9f80ef502f004ebd0b850164d9706da51359f1bd27dde891c66f4ba8e55b
SHA512

e28eb29433df7690a61269dc10102e848abb479891345f49a9674c4c6e48a80f3f5875f53edd01b1eb4180e5ea8dfe2e2ff64eb94758297797225e5035ddc3e8
SSDEEP

49152:FGgrwa1MiyqaK5fiQhX7JUQMhlFD9hOovMWPPxy40HQKg:DkqODhZMWPE4qXg

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2784	1252	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2784	1252	BLTools v2.4 (2).exe	28
PID 1252 wrote to memory of 2784	1252	BLTools v2.4 (2).exe	28
PID 1252 wrote to memory of 2784	1252	BLTools v2.4 (2).exe	28
PID 1252 wrote to memory of 2784	1252	BLTools v2.4 (2).exe	28

C:\Users\Admin\AppData\Local\Temp\BLTools v2.4 (2).exe
"C:\Users\Admin\AppData\Local\Temp\BLTools v2.4 (2).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 664
  2⤵
  - Program crash
  PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1252-55-0x0000000074ED0000-0x00000000755BE000-memory.dmp

Filesize
6.9MB

Download
memory/1252-54-0x0000000001390000-0x000000000182A000-memory.dmp

Filesize
4.6MB

Download
memory/1252-56-0x00000000004A0000-0x00000000004E0000-memory.dmp

Filesize
256KB

Download
memory/1252-57-0x0000000074ED0000-0x00000000755BE000-memory.dmp

Filesize
6.9MB

Download