90ac1aa29369ec10abc8597b39cc15c3b69ac50a7c1b653364fd779bb46cc57b | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21/07/2023, 17:23

Sharing

Report Analysis Logs

General

Target

CI.Client.exe
Size

7.0MB
MD5

e9a44ce9c368f5b315cceff62c9ef503
SHA1

68048abd8c4e65adb1c2595e15c44472182d6681
SHA256

90ac1aa29369ec10abc8597b39cc15c3b69ac50a7c1b653364fd779bb46cc57b
SHA512

3a6e952b45a2c79231fa3be004110a104d32d598c9f7c9b3fdeaad6eb361959cb6fa6f2136e62421a911d49cdb1589b176073edfd04d47de3760a4cc5b5bc973
SSDEEP

98304:BUyiJ5A2N9G1NA65uf6zAlFeIwHWWoC3Wofow5mO0pO:BUNJ5A2N9G1N7uf6MjsWb2CO0pO

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2264	2500	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2264	2500	CI.Client.exe	28
PID 2500 wrote to memory of 2264	2500	CI.Client.exe	28
PID 2500 wrote to memory of 2264	2500	CI.Client.exe	28
PID 2500 wrote to memory of 2264	2500	CI.Client.exe	28

C:\Users\Admin\AppData\Local\Temp\CI.Client.exe
"C:\Users\Admin\AppData\Local\Temp\CI.Client.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 564
  2⤵
  - Program crash
  PID:2264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2500-54-0x0000000074870000-0x0000000074F5E000-memory.dmp

Filesize
6.9MB

Download
memory/2500-55-0x0000000000090000-0x000000000079E000-memory.dmp

Filesize
7.1MB

Download
memory/2500-56-0x0000000074870000-0x0000000074F5E000-memory.dmp

Filesize
6.9MB

Download