4423693e8b8a26a3096c64522b0eb2d8b24845f1737ad98879cdc301c8f5ed01 | Triage

Analysis

max time kernel
124s
max time network
152s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
28/09/2023, 19:15

Sharing

Report Analysis Logs

General

Target

LANC v2.exe
Size

321KB
MD5

f594847c2e806183624275d877acf069
SHA1

f5a547ec6dc47fb2e297539a6d6ec55e4c9bd87b
SHA256

5d600c4a17065f936875f00cfddf0f04b78ca49d68596025bb9512d81bcbc766
SHA512

7b768def9bd6de863f3b7361ca8339b2dda9619dc4953f39b0cf7a2add017ceed164d430ae6ff274f6125b072cd020687329e1bcb3bee8f886fb72b4f1dd5e1c
SSDEEP

6144:ar11SDM1s5hc0DQPDeyUYbG2SlL8sWyEnh1SDM1s5hc0DQPDeyUYbG2Sl:41R1eyDeDdlQnhR1eyDeDdl

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2088	3064	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2088	3064	LANC v2.exe	27
PID 3064 wrote to memory of 2088	3064	LANC v2.exe	27
PID 3064 wrote to memory of 2088	3064	LANC v2.exe	27
PID 3064 wrote to memory of 2088	3064	LANC v2.exe	27

C:\Users\Admin\AppData\Local\Temp\LANC v2.exe
"C:\Users\Admin\AppData\Local\Temp\LANC v2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 604
  2⤵
  - Program crash
  PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3064-0-0x0000000000A30000-0x0000000000A86000-memory.dmp

Filesize
344KB

Download
memory/3064-1-0x0000000074BC0000-0x00000000752AE000-memory.dmp

Filesize
6.9MB

Download
memory/3064-2-0x0000000000520000-0x0000000000535000-memory.dmp

Filesize
84KB

Download
memory/3064-3-0x0000000074BC0000-0x00000000752AE000-memory.dmp

Filesize
6.9MB

Download