d36071884086b10b302c2acd43c33d15fe73369b927ba9002d32db9409567241 | Triage

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10-10-2023 09:08

Sharing

Report Analysis Logs

General

Target

migrate.exe
Size

527KB
MD5

e037f718b8cce79341ada551605a430b
SHA1

3cb5fd873c934859ebb3518bb0e2659afb1fd43e
SHA256

d36071884086b10b302c2acd43c33d15fe73369b927ba9002d32db9409567241
SHA512

4ece2e71e02a543e5d6ab9bece7ba4f467ca888ae5cfbcf40616ea233d3372bd37d199b33b6a725db0fc71a6e4210272b60a822cd8a76d8d6a5ebc8996c0abbb
SSDEEP

6144:OAWCdX5gCP7/rut/WunWx+rcn1taJZZsHrZa6Igy5RmK/MR/D2lDeDiXAR3AM7O1:rdonbg1fhbUO3A+vO4xQ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 2224	1648	migrate.exe	29
PID 1648 wrote to memory of 2224	1648	migrate.exe	29
PID 1648 wrote to memory of 2224	1648	migrate.exe	29

C:\Users\Admin\AppData\Local\Temp\migrate.exe
"C:\Users\Admin\AppData\Local\Temp\migrate.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1648 -s 552
  2⤵
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1648-0-0x0000000000090000-0x0000000000118000-memory.dmp

Filesize
544KB

Download
memory/1648-1-0x000007FEF5E60000-0x000007FEF684C000-memory.dmp

Filesize
9.9MB

Download
memory/1648-2-0x000000001ABB0000-0x000000001AC30000-memory.dmp

Filesize
512KB

Download
memory/1648-3-0x000007FEF5E60000-0x000007FEF684C000-memory.dmp

Filesize
9.9MB

Download