e696fbca4795eb850046b99d1f1009bce3051acbc387c1535177a0b7bcddea33 | Triage

Analysis

max time kernel
270s
max time network
320s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 11:32

Sharing

Report Analysis Logs

General

Target

embd-input-test.exe
Size

399KB
MD5

59f59e054ff22bb20a6046969014f9a3
SHA1

047a27c0b158b8b5cc071db59cc310fa6a9dc788
SHA256

2c0d46eba07272989157c1035b6f4128555e17a04df44b8306236149259df3d0
SHA512

1fa3bfb41644d0080cfd9902c0e3988b96ad9fca581d1e23d0cd99b1eea1bceba0b9bc0b4cf012e3721f4bd52fc97df4fa1bddf959465fb6957760df8e8ef8e8
SSDEEP

12288:do9DQ6M08ZmaJbFOLcRqer0GFFVWK3p+2MordUDXTa7NTV:do9DIjaDXT6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2972	2784	embd-input-test.exe	28
PID 2784 wrote to memory of 2972	2784	embd-input-test.exe	28
PID 2784 wrote to memory of 2972	2784	embd-input-test.exe	28

C:\Users\Admin\AppData\Local\Temp\embd-input-test.exe
"C:\Users\Admin\AppData\Local\Temp\embd-input-test.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2784 -s 36
  2⤵
  PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads