c2cae791772a0de0c4477bec746fb2e1d88961b294d7f2847cfc6563c2202c8f | Triage

Resubmissions

28-09-2023 14:40

230928-r1yh8scb2t 10

28-09-2023 14:23

230928-rqhp2adc95 8

Analysis

max time kernel
1561s
max time network
1566s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
28-09-2023 14:40

Sharing

Report Analysis Logs

General

Target

install-tool.exe
Size

300.3MB
MD5

8457f42f2b8a1f46daea28e16a235b61
SHA1

0b52c51bf6dac23155ec45e7d83119ff313f318d
SHA256

8f536b3f85b999cf0a899de83523c8fea56647e6be6880fbbc7856e1cb802902
SHA512

f33d6dd31c6896c32cd386ca5fc5ed5d931aae76dcd04648ea6e941851ac6bcb63fdfcd42b975702c35471ef53cd8cf6ee7c285e09e96152516c4096e7498db3
SSDEEP

49152:TzZa6Jr7GhXX7KbAC0yz+444444444444444444444444444444444444444444z:Te

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 3016	2596	install-tool.exe	28
PID 2596 wrote to memory of 3016	2596	install-tool.exe	28
PID 2596 wrote to memory of 3016	2596	install-tool.exe	28

C:\Users\Admin\AppData\Local\Temp\install-tool.exe
"C:\Users\Admin\AppData\Local\Temp\install-tool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2596 -s 516
  2⤵
  PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2596-0-0x000007FEF52C0000-0x000007FEF5CAC000-memory.dmp

Filesize
9.9MB

Download
memory/2596-1-0x000000013F750000-0x0000000140750000-memory.dmp

Filesize
16.0MB

Download
memory/2596-2-0x000007FEF52C0000-0x000007FEF5CAC000-memory.dmp

Filesize
9.9MB

Download