18a83e9e6b0e6edd6d0dc9ef2ac065b2c422232a7925085e1ab4bb748a529c3b | Triage

Analysis

max time kernel
121s
max time network
143s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 18:32

Sharing

Report Analysis Logs

General

Target

ets606.v1.05/crack/ETS6N.exe
Size

56.7MB
MD5

49efe628adee60f91134c00a061f2318
SHA1

92fc600434215cccfad3bf1e5e3b1066ee589115
SHA256

c9ed60d5d1afb7931f58726a8a38d88bcbe724b220ca778506564b6ed26ec8ad
SHA512

0dc2fb4eab4f05e70e781c9789d4f2fd60d6c48c8d0814eac8a618e94619dc8717a990ec3dd6a1a437c8354bfb40cab4c2dfa3b94fa668b1d2eb0effef776949
SSDEEP

393216:mJ0/Nu/Uv0/NKq35CxOfX1HKR0/NBi10/NHFM0/Nz30/Nvi:myGY1xOfX1qaziGNKBi

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1084	3056	ETS6N.exe	28
PID 3056 wrote to memory of 1084	3056	ETS6N.exe	28
PID 3056 wrote to memory of 1084	3056	ETS6N.exe	28

C:\Users\Admin\AppData\Local\Temp\ets606.v1.05\crack\ETS6N.exe
"C:\Users\Admin\AppData\Local\Temp\ets606.v1.05\crack\ETS6N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3056 -s 508
  2⤵
  PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3056-0-0x000007FEF5350000-0x000007FEF5D3C000-memory.dmp

Filesize
9.9MB

Download
memory/3056-1-0x0000000000310000-0x0000000003BD4000-memory.dmp

Filesize
56.8MB

Download
memory/3056-2-0x000007FEF5350000-0x000007FEF5D3C000-memory.dmp

Filesize
9.9MB

Download