4423693e8b8a26a3096c64522b0eb2d8b24845f1737ad98879cdc301c8f5ed01 | Triage

Analysis

max time kernel
124s
max time network
152s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
28-09-2023 19:15

Sharing

Report Analysis Logs

General

Target

LANC v2.exe
Size

321KB
MD5

f594847c2e806183624275d877acf069
SHA1

f5a547ec6dc47fb2e297539a6d6ec55e4c9bd87b
SHA256

5d600c4a17065f936875f00cfddf0f04b78ca49d68596025bb9512d81bcbc766
SHA512

7b768def9bd6de863f3b7361ca8339b2dda9619dc4953f39b0cf7a2add017ceed164d430ae6ff274f6125b072cd020687329e1bcb3bee8f886fb72b4f1dd5e1c
SSDEEP

6144:ar11SDM1s5hc0DQPDeyUYbG2SlL8sWyEnh1SDM1s5hc0DQPDeyUYbG2Sl:41R1eyDeDdlQnhR1eyDeDdl

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2088 3064 WerFault.exe LANC v2.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

LANC v2.exe

description	pid	process	target process
PID 3064 wrote to memory of 2088	3064	LANC v2.exe	WerFault.exe
PID 3064 wrote to memory of 2088	3064	LANC v2.exe	WerFault.exe
PID 3064 wrote to memory of 2088	3064	LANC v2.exe	WerFault.exe
PID 3064 wrote to memory of 2088	3064	LANC v2.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\LANC v2.exe
"C:\Users\Admin\AppData\Local\Temp\LANC v2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 604
2⤵
- Program crash
PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3064-0-0x0000000000A30000-0x0000000000A86000-memory.dmp

Filesize
344KB

Download
memory/3064-1-0x0000000074BC0000-0x00000000752AE000-memory.dmp

Filesize
6.9MB

Download
memory/3064-2-0x0000000000520000-0x0000000000535000-memory.dmp

Filesize
84KB

Download
memory/3064-3-0x0000000074BC0000-0x00000000752AE000-memory.dmp

Filesize
6.9MB

Download