2b8602ef0e1f1c126eb05742e9771e2a553c9bb8d8a1a37e475c1cc86d9924ba | Triage

Analysis

max time kernel
159s
max time network
132s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 17:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DSE12.exe
Size

816KB
MD5

577406c95e7f1122fcf95fb9fea72347
SHA1

23bb37e11cb14eebff173fd66c3b1102cc418b1c
SHA256

2b8602ef0e1f1c126eb05742e9771e2a553c9bb8d8a1a37e475c1cc86d9924ba
SHA512

b96f840e209d7f0eb0cc36e5fbccf322561f63accb9465b373e8fc9ea7ca500f5e8c065aac0235ab088995bd35e7b21d2597c0fe0f9d24c342f8bb7e1b1821bf
SSDEEP

12288:ZH7u9VT+Hdsy7Mf3J6CxUQGfIuYFtF44sCwZiCMFVs3C:Zbu9F+HdsAMPJ60GfIzFNwZiCMFO3C

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 332 wrote to memory of 3064	332	DSE12.exe	28
PID 332 wrote to memory of 3064	332	DSE12.exe	28
PID 332 wrote to memory of 3064	332	DSE12.exe	28

C:\Users\Admin\AppData\Local\Temp\DSE12.exe
"C:\Users\Admin\AppData\Local\Temp\DSE12.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:332
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 332 -s 204
  2⤵
  PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/332-0-0x000000013F780000-0x000000013F828000-memory.dmp

Filesize
672KB

Download