fb888dd213840ee5c5d0f5be1d3a72990609fa967d946d6c7c92ed7ebc43a4c0 | Triage

Analysis

max time kernel
118s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 22:18

Sharing

Report Analysis Logs

General

Target

sce64.exe
Size

84KB
MD5

1e4d594c4b540d0cacf73d6a39afb2e5
SHA1

fc693b4082d3c3b30e9f0097b3f1ed9bc59b59ca
SHA256

fb888dd213840ee5c5d0f5be1d3a72990609fa967d946d6c7c92ed7ebc43a4c0
SHA512

a6523e2b2311010944bb8398d59559b443ff9374f7dbdd73290c2c6d8638e385120c58a75571f352a55c470e28350e2c92bace65b12b34739a9b3b1394e43e08
SSDEEP

1536:f6bQHC0kzhCO2MohKgltEZa+cu3S3SMzKVyDQohaJexrxVM6xI:CbIC0uCO2phxltjCTVy9jMj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2624	2628	sce64.exe	30
PID 2628 wrote to memory of 2624	2628	sce64.exe	30
PID 2628 wrote to memory of 2624	2628	sce64.exe	30

C:\Users\Admin\AppData\Local\Temp\sce64.exe
"C:\Users\Admin\AppData\Local\Temp\sce64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2628 -s 528
  2⤵
  PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2628-0-0x000007FEF5EF0000-0x000007FEF68DC000-memory.dmp

Filesize
9.9MB

Download
memory/2628-1-0x000000013F7F0000-0x000000013F808000-memory.dmp

Filesize
96KB

Download
memory/2628-2-0x000007FEF5EF0000-0x000007FEF68DC000-memory.dmp

Filesize
9.9MB

Download