9a52136a7199c3e279bb6c9edf6173d75aae33a6e0fd331276bd6721cead2d7f | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/08/2023, 20:53

Sharing

Report Analysis Logs

General

Target

OfficeSetup.exe
Size

7.1MB
MD5

a0257f1ab58ada5052ca68f063d42847
SHA1

4dbd74056af8bb780bde1bd47f1f063c5d623a41
SHA256

9a52136a7199c3e279bb6c9edf6173d75aae33a6e0fd331276bd6721cead2d7f
SHA512

d39840a245683b3bf9366723a832ab1ef5e90feef6699b8b253a407b610aeb1b7d3fc6bad32f549266c96c9de2ebfa9c5ca62bc8b54ce8aa34b52930e57f0e00
SSDEEP

196608:xe6MIDSzxM0jZyv0esC0UgUVJa6VrFcmpKGtUlFM:xhpDSz5Y07ogUVJz3KGtUlFM

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2596	2788	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2596	2788	OfficeSetup.exe	28
PID 2788 wrote to memory of 2596	2788	OfficeSetup.exe	28
PID 2788 wrote to memory of 2596	2788	OfficeSetup.exe	28
PID 2788 wrote to memory of 2596	2788	OfficeSetup.exe	28

C:\Users\Admin\AppData\Local\Temp\OfficeSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OfficeSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 576
  2⤵
  - Program crash
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads